Slashdot Mirror


Designing Software With Privacy in Mind

dalektcalum writes "Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts off by covering the basics of privacy and privacy law, and then moves on to the important component: how to design software that properly protects users' privacy. The majority of the talk is spent on design principles, but it also examines specific technologies (such as Elliptic Curve Cryptography)." The site includes a Flash video of the talk, but there are also several torrents for folks who want to avoid hammering their servers.


  1. Possession is 9 points of the law by shanen · · Score: 4, Insightful

    I'll believe they [the big companies and the government] are sincere about my privacy when they agree to store my personal information on *MY* disk space. Whenever they want to look at my personal information they need to tell me why, and I should have the right to say yea or nay to that request. Right now they claim that my personal information belongs to them, and there's no way for me to know anything about what they are doing with it.

    In more detail, this should actually be implemented by my settings of my privacy preferences. Most requests would be handled routinely without my needing to consider them in detail. For example, if I'm requesting a loan from my bank and they want to check my credit history, then my privacy policy would be to check that it was really my bank and that I had really initiated the loan request, and then they could look at the required information. If they need to compile some summary statistics, I'd agree for them to look at some of my information long enough to tally it. Etc., etc.

    If they need to make sure that I don't tamper with my data, they can sign it and put a checksum on it, and I won't be able to tamper with it. There are actually technologies that would still allow me to see what the information is even in that case. Actually, any technical problem you want to point at, I can refer you to the solutions. They are already published in the literature.

    The *REAL* problem is that the companies want to own us.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
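The tamper-evident but still readable record the comment above describes, as an added example (not the commenter's code and not any product's): the institution keeps the data on the owner's disk as plain JSON and attaches an HMAC-SHA256 tag that only its own key can produce, so the owner can read every field but any edit fails verification. The key, field names and values are constructed, and HMAC stands in for a public-key signature so the example needs only the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed secret: in the scheme described only the institution holds it,
# so only the institution can produce a valid tag. Not a real key.
BANK_KEY = b"constructed-bank-secret-key-not-real"


def canonical(record: dict) -> bytes:
    """Deterministic JSON bytes: key order and spacing must not change the tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes) -> dict:
    """Return the plaintext record plus an HMAC-SHA256 tag over its canonical form.

    The record stays readable by its owner; the tag is what makes edits detectable.
    """
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(sealed: dict, key: bytes) -> bool:
    """Recompute the tag over the stored record and compare in constant time."""
    if not isinstance(sealed, dict) or "record" not in sealed or "tag" not in sealed:
        return False
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(sealed["tag"]))


def demo() -> dict:
    """Seal a constructed credit record, confirm it is readable and verifies,
    then edit the owner's copy and show that verification now fails."""
    sealed = seal({"customer": "alice", "credit_score": 640, "as_of": "2009-01-01"}, BANK_KEY)
    readable = sealed["record"]["credit_score"]   # owner can still read the value
    intact = verify(sealed, BANK_KEY)              # untouched copy verifies
    tampered = json.loads(json.dumps(sealed))      # the copy on the owner's disk
    tampered["record"]["credit_score"] = 800       # owner edits it in place
    return {"readable": readable, "intact": intact, "tampered_ok": verify(tampered, BANK_KEY)}


if __name__ == "__main__":
    print(demo())  # {'readable': 640, 'intact': True, 'tampered_ok': False}
```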
  2. Privacy by hyades1 · · Score: 2, Insightful

    You might want to pay attention to what Dr. Cavoukian says. I've followed her public statements for quite a while, and she understands clearly what we're on the verge of throwing away by being casual about our privacy.

    Just as an aside: You'll notice when you deal with privacy issues that many of the people who say, "If you aren't doing anything wrong, what are you trying to hide?" usually have pretty rigid limits on what parts of their own lives are on public display. Powerful organizations and people have tools to limit what you learn about them. Average folks have only their rights under the constitution. You won't have them for long if you forget that as a law-abiding citizen living your life in a free society, it's your right not to be bothered by people sticking their nose in your business.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  3. Re:A concrete example for Gmail by RAMMS+EIN · · Score: 4, Insightful

    That might work for you if you keep your computer on and connected to the Internet at all times. Back in the day, people used web mail exactly because they didn't have a computer that was always connected to the 'net. If you do have a computer that is always on, you have no use for Gmail. Just host your mail on your computer and you _will_ be in control, not just with respect to privacy, but also about the interface, supported protocols, encryption, filtering; everything.

    --
    Please correct me if I got my facts wrong.
  4. Re:unbelievable... by cosmocain · · Score: 2, Insightful

    it is simpler to use the pirated copy. actually, it is - you don't have to activate anything, no personal data/information is transmitted, or any of the other downsides of legal copies. but I guess we're getting near the -1, offtopic moderation ;)
  5. Re:About Having Nothing to Hide by Plutonite · · Score: 3, Insightful

    I'm aware you're on the pro-privacy side, but it should not have to come to this. We DO have nothing to hide, some of us, yet the sanctity of our privacy should not be violated by anybody all the same. Even if we feel comfortable revealing something (information, body parts..etc) the revealing should still be a matter of our choice, done with our permission and with our knowledge. Why should I be compelled to do something that I have no interest in doing? Because you are asking me to? Who gives you authority over me? There are nudists who are perfectly convinced they have nothing to hide, and indeed they take it all off. But not for you. It's called freedom.

    Your rhetoric is un-nice.

  6. Re:important points by mOdQuArK! · · Score: 2, Insightful

    That works right up until you're trying to debug a problem which occurs only in production.

  7. Re:A concrete example for Gmail by noidentity · · Score: 4, Insightful

    You do realize that e-mail is sent in cleartext the whole way, don't you?

  8. Re:About Having Nothing to Hide by turbidostato · · Score: 3, Insightful

    "I haven't yet seen a convincing argument as to the why."

    That's because there's no argument to give. Privacy is the natural state of things: you usually don't know anything about me. Then it is the one who breaks such a 'status quo' who needs to convincingly argue about their intentions. I need no other "convincing argument" for my privacy than "such is my mood".