Slashdot Mirror


Designing Software With Privacy in Mind

dalektcalum writes "Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts off by covering the basics of privacy and privacy law, and then moves on to the important component: how to design software that properly protects users' privacy. The majority of the talk is spent on design principles, but it also examines specific technologies (such as Elliptic Curve Cryptography)." The site includes a Flash video of the talk, but there are also several torrents for folks who want to avoid hammering their servers.

17 of 77 comments

  1. Konspiracy by bigmacd24 · · Score: 3, Funny

    Bah, user privacy my bottom. Information wants to be free! Now the government privacy komisar wanting to implement biometrics to 'protect' me seems like some crazy leftist nutjob after my vital fluids.

  2. important points by crazyirishhobo · · Score: 5, Interesting

    Privacy is really important, and watching this talk makes me realize I have not been doing my part as a software developer to respect users' privacy. Hell, I log way too much information, just to make debugging a little easier on the off chance I have to debug it in production. I'd encourage all software developers out there to watch this talk, and take its message to heart.

    1. Re:important points by mOdQuArK! · · Score: 2, Insightful

      That works right up until you're trying to debug a problem which occurs only in production.

    2. Re:important points by quanticle · · Score: 2, Interesting

      If you have problems in production that you don't have in test, then you're not doing your job properly. Ideally, you should be getting problems in test that you don't get in production, as you're pushing your code past realistic limits to see how it fails.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it

  3. Possession is 9 points of the law by shanen · · Score: 4, Insightful

    I'll believe they [the big companies and the government] are sincere about my privacy when they agree to store my personal information on *MY* disk space. Whenever they want to look at my personal information they need to tell me why, and I should have the right to say yea or nay to that request. Right now they claim that my personal information belongs to them, and there's no way for me to know anything about what they are doing with it.

    In more detail, this should actually be implemented by my settings of my privacy preferences. Most requests would be handled routinely without my needing to consider them in detail. For example, if I'm requesting a loan from my bank and they want to check my credit history, then my privacy policy would be to check that it was really my bank and that I had really initiated the loan request, and then they could look at the required information. If they need to compile some summary statistics, I'd agree for them to look at some of my information long enough to tally it. Etc., etc.

    If they need to make sure that I don't tamper with my data, they can sign it and put a checksum on it, and I won't be able to tamper with it. There are actually technologies that would still allow me to see what the information is even in that case. Actually, any technical problem you want to point at, I can refer you to the solutions. They are already published in the literature.

    The *REAL* problem is that the companies want to own us.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.

  4. misread... by cosmocain · · Score: 4, Funny

    ...but interesting, too. ;)

    Designing Software With Piracy in Mind

  5. A concrete example for Gmail by shanen · · Score: 2, Interesting

    Picking on Google because of their prominence, but this is how Gmail could be designed to really respect my privacy by storing the data on my own computer. (This would also take care of the 2 GB limitation.)

    The email and the indexes would live on my machine. When I am reading some email with Gmail, it would scan the email and send only the appropriate keywords to Google, and they would respond with the appropriate ads to be displayed in the appropriate boxes on my computer--but they would not have any direct access to my email once I had received it.

    This would actually open up a new field of backup services for email. Google could encrypt the email on my machine and backup only the encrypted data at their end. The encryption and decryption key need never be seen at their end--though of course I need to store them somewhere apart from the machine that is being backed up. They could also provide email syncing services in the same way without ever seeing the clear data that is being synced.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
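
    The design sketched in this comment, as an added example that is not from the original post or from Google: the mail and its key stay on the user's machine, the backup service receives only ciphertext it cannot read, and the ad request carries only body keywords. It assumes Python's standard library alone, so the cipher is a constructed HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag standing in for a real AEAD cipher; the sample message and the BackupServer class are constructed for the demo.

```python
import hashlib
import hmac
import os
import re

# Constructed sample message; not taken from any real mailbox.
SAMPLE_MAIL = (b"From: alice@example.com\nSubject: loan application\n\n"
               b"Hi, I need a mortgage quote for the new house.")

def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the user's master key."""
    return (hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode (demo construction, stdlib only)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Runs on the user's machine; returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Checks the tag before decrypting, so a tampered backup is rejected."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("backup blob failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def ad_keywords(mail: bytes) -> list:
    """The only data sent to the ad server: body keywords, never headers or addresses."""
    body = mail.split(b"\n\n", 1)[1].decode("utf-8", "replace").lower()
    return sorted(set(re.findall(r"[a-z]{5,}", body)))

class BackupServer:
    """Provider side (constructed): stores opaque blobs and never receives the key."""
    def __init__(self):
        self.store = {}
    def put(self, mail_id: str, blob: bytes) -> None:
        self.store[mail_id] = blob
    def get(self, mail_id: str) -> bytes:
        return self.store[mail_id]
    def can_read(self, needle: bytes) -> bool:  # what the provider learns by grepping its storage
        return any(needle in blob for blob in self.store.values())
```

    Restoring a backup on a new machine is just decrypt() with the key the user kept elsewhere, which is the separate key-storage problem the comment points out.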
    1. Re:A concrete example for Gmail by RAMMS+EIN · · Score: 4, Insightful

      That might work for you if you keep your computer on and connected to the Internet at all times. Back in the day, people used web mail exactly because they didn't have a computer that was always connected to the 'net. If you do have a computer that is always on, you have no use for gmail. Just host your mail on your computer and you _will_ be in control, not just with respect to privacy, but also about the interface, supported protocols, encryption, filtering; everything.

      --
      Please correct me if I got my facts wrong.
    2. Re:A concrete example for Gmail by noidentity · · Score: 4, Insightful

      You do realize that e-mail is sent in cleartext the whole way, don't you?

  6. Privacy by hyades1 · · Score: 2, Insightful

    You might want to pay attention to what Dr. Cavoukian says. I've followed her public statements for quite a while, and she understands clearly what we're on the verge of throwing away by being casual about our privacy.

    Just as an aside: You'll notice when you deal with privacy issues that many of the people who say, "If you aren't doing anything wrong, what are you trying to hide?" usually have pretty rigid limits on what parts of their own lives are on public display. Powerful organizations and people have tools to limit what you learn about them. Average folks have only their rights under the constitution. You won't have them for long if you forget that as a law-abiding citizen living your life in a free society, it's your right not to be bothered by people sticking their nose in your business.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.

    1. Re:Privacy by RAMMS+EIN · · Score: 4, Interesting

      So, perhaps you can explain to us all exactly why privacy is so important. The whole story, because I'm sure we've all seen bits and pieces before. What exactly is the risk in letting some organization know everything about everyone? Would the same risk exist if everybody knew everything about everyone? Is the only organization we need to be afraid of the government, or are there others? What are the different kinds of information we need to be concerned about, and what are their relative values? If you could gain a hundred dollars by it, what would you be willing to give up? A million dollars? Your living expenses covered for the rest of your life? What information would you never want to give up, no matter what the reward? Does it depend in any way on societal taboos? If so, isn't the real problem the taboos, not the availability of information? Wouldn't the taboos disappear once we knew, for example, how many people really had visited porn sites? If you did something illegal and the government knew, a malicious government could arrest you for it. A malicious government could also arrest you even if you had never done anything illegal. So what does it matter what the government knows? Etc.

      --
      Please correct me if I got my facts wrong.

  7. databases are risks by erlehmann · · Score: 2, Informative

    somehow it's simple: when government or bigbiz collects information about you, this information is stored in databases. from this information, conclusions are drawn. the simplest thing is that a health insurer won't accept you b/c you are genetically inferior. but, speaking of government, one German citizen was abducted by the CIA [1], another man was wrongfully imprisoned in Guantanamo for 5 years [2].

    this happened due to some entries in some databases about them hanging around with the wrong people.

    [1] http://en.wikipedia.org/wiki/Khalid_El-Masri
    [2] http://en.wikipedia.org/wiki/Murat_Kurnaz

  8. Re:unbelievable... by cosmocain · · Score: 2, Insightful

    it is simpler to use the pirated copy. actually, it is - you don't have to activate anything, no personal data/information is transmitted, nor any of the other downsides of legal copies. but I guess we're getting near the -1, offtopic moderation ;)

  9. Re:About Having Nothing to Hide by Plutonite · · Score: 3, Insightful

    I'm aware you're on the pro-privacy side, but it should not have to come to this. We DO have nothing to hide, some of us, yet the sanctity of our privacy should not be violated by anybody all the same. Even if we feel comfortable revealing something (information, body parts..etc) the revealing should still be a matter of our choice, done with our permission and with our knowledge. Why should I be compelled to do something that I have no interest in doing? Because you are asking me to? Who gives you authority over me? There are nudists who are perfectly convinced they have nothing to hide, and indeed they take it all off. But not for you. It's called freedom.

    Your rhetoric is un-nice.

  10. Small Correction by sdt · · Score: 2, Informative

    She's not Canada's privacy commissioner, she's Ontario's (a province of Canada) Information and Privacy Commissioner.

  11. Re:About Having Nothing to Hide by turbidostato · · Score: 3, Insightful

    "I haven't yet seen a convincing argument as to the why."

    That's because there's no argument to give. Privacy is the natural state of things: you usually don't know anything about me. Then it is the one who breaks such a 'status quo' who needs to convincingly argue their intentions. I need no other "convincing argument" for my privacy than "such is my mood".

  12. Down with privacy? by hdon · · Score: 3, Interesting

    I'm glad some people are being honest and asking questions. Kudos to RAMMS+EIN.

    Claiming that privacy's significance is fundamentally rooted in philosophical axioms specifically about privacy is all fine and well, but for those of us who live for more important things in life, something a bit more substantial is required.

    IMHO, the significance of privacy breaks down into four issues, all derived from axiomatic benevolence (a very popular axiom):

    1) Societal taboos: Society is irrational. Most people are not bright thinkers, and have a great deal of difficulty with the abstract logic required to view all aspects of life from an objective point of view (no, objective POV does not mean mean or median point of view; FOX news is not "fair and balanced.") If we lived in a society which had a strong rational majority, this point would be rendered pretty irrelevant. Take the relatively recent acceptance of homosexuality by society: if society were largely rational, then pre-existing societal taboos would not be a compelling reason to protect people's privacy. However, since social revolutions don't occur overnight, the only way to let such people live in peace is to give them a degree of privacy within which to live. If we took away their privacy now, many people might simply choose to wholly deny their secret inclinations, and no social revolution would ever occur.

    2) Omniscience versus state secrets: Are the majority of surveillance advocates actually suggesting we divulge all state secrets? Personally, I'm in favor of an entirely transparent government. However, if this is not part of the no-privacy deal, get ready for a kick in the nuts: The power to erase privacy is an awesomely frightening power that makes conspiracy theories start to look like real possibilities. If you're used to summarily disregarding conspiracy theorists as raving madmen, and you don't think privacy is important, get ready to change your tune. Once the kind of concentrated surveillance power the Bush administration dreams of actually exists, there ceases to be a practical limit on domestic black ops. The most convoluted of conspiracy theories will no longer be relegated to novels; it will really be able to happen. (I'm not accusing the government of doing anything like this, but the government isn't a single person. Resist the inclination to personify organizations; they aren't that simple. A single rogue government agent with sufficient power would be all that's needed.)

    3) Revolution: Strongly related to the first two points is something that has already been demonstrated (and demonstrated against) in our own country. Giving the government or the public access to everything you read is not completely unlike giving them access to everything you think. There are people in our country, including many of middle-eastern descent, who have a real, credible fear of purchasing certain books with a credit card, or checking them out at a library. Profiling, no matter how distasteful, is real, and its role in law enforcement is not going to go away. Beside that, there is the issue of trial in the court of public opinion: People should not have to face ridicule or discriminatory treatment for entertaining or studying currently-unfavorable ideas. Our culture would be locked into the status quo, with no opportunity for radical improvement.

    4) Law enforcement: Although this point is largely predicated upon the potential for a fully pervasive surveillance system, it's still an important consideration. A public policy dismantling any notions of personal privacy does not automatically compel individuals to actually comply to the point of volunteering the most private details of their lives. Every person with a vibrator or porno collection to hide would be highly suspect in a community where everyone let the cops rummage through their homes on a whim. This is the same reason I use encryption to communicate with friends and colleagues, and the same reason that I don't allo