Slashdot Mirror


Designing Software With Privacy in Mind

dalektcalum writes "Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts off by covering the basics of privacy, and privacy law, and then moves on to the important component: how to design software that properly protects users' privacy. The majority of the talk is spent on design principles, but also examines specific technologies (such as Elliptical Curve Cryptography)." The site includes a Flash video of the talk, but there are also several torrents for folks who want to avoid hammering their servers.

6 of 77 comments

  1. important points by crazyirishhobo · · Score: 5, Interesting

    Privacy is really important, and watching this talk makes me realize I have not been doing my part as a software developer to respect users' privacy. Hell, I log way too much information, just to make debugging a little easier on the off chance I have to debug it in production. I'd encourage all software developers out there to watch this talk, and take its message to heart.

  2. Possession is 9 points of the law by shanen · · Score: 4, Insightful

    I'll believe they [the big companies and the government] are sincere about my privacy when they agree to store my personal information on *MY* disk space. Whenever they want to look at my personal information they need to tell me why, and I should have the right to say yea or nay to that request. Right now they claim that my personal information belongs to them, and there's no way for me to know anything about what they are doing with it.

    In more detail, this should actually be implemented by my settings of my privacy preferences. Most requests would be handled routinely without my needing to consider them in detail. For example, if I'm requesting a loan from my bank and they want to check my credit history, then my privacy policy would be to check that it was really my bank and that I had really initiated the loan request, and then they could look at the required information. If they need to compile some summary statistics, I'd agree for them to look at some of my information long enough to tally it. Etc., etc.

    If they need to make sure that I don't tamper with my data, they can sign it and put a checksum on it, and I won't be able to tamper with it. There are actually technologies that would still allow me to see what the information is even in that case. Actually, any technical problem you want to point at, I can refer you to the solutions. They are already published in the literature.

    The *REAL* problem is that the companies want to own us.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
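
Added example (not part of shanen's comment or of the talk): a sketch of the user-held record scheme described in the comment above, where the bank attaches an integrity tag the user cannot forge, the record stays readable, and the user's policy releases it only for a request the user started. Assumptions: HMAC-SHA256 stands in for the "sign it" step, the requester's identity is already authenticated, and all names (`seal`, `verify`, `UserStore`, the key, the record) are hypothetical.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # constructed sample; known only to the bank


def _tag(record, key):
    # Canonical JSON so the same record always produces the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(record, key):
    """Bank side: attach an integrity tag; the record itself stays readable."""
    return {"record": record, "tag": _tag(record, key)}


def verify(sealed, key):
    """Bank side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(_tag(sealed["record"], key), sealed["tag"])


class UserStore:
    """User side: sealed records on the user's own disk, released by policy."""

    def __init__(self):
        self.records = {}     # name -> sealed record
        self.pending = set()  # (requester, purpose) pairs the user initiated

    def initiate(self, requester, purpose):
        self.pending.add((requester, purpose))

    def request(self, requester, purpose, name):
        # Release only for a request the user started, and only once.
        if (requester, purpose) not in self.pending:
            return None
        self.pending.discard((requester, purpose))
        return self.records.get(name)


def demo():
    store = UserStore()
    store.records["credit_history"] = seal({"owner": "alice", "late_payments": 3}, ISSUER_KEY)
    unsolicited = store.request("bank", "loan", "credit_history")  # user never asked
    store.initiate("bank", "loan")
    released = store.request("bank", "loan", "credit_history")
    # Constructed tampering: the user edits the record but cannot recompute the tag.
    edited = {"record": dict(released["record"], late_payments=0), "tag": released["tag"]}
    return unsolicited, verify(released, ISSUER_KEY), verify(edited, ISSUER_KEY)
```

A public-key signature would fill the same role where parties other than the issuer need to verify the record.
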
  3. misread... by cosmocain · · Score: 4, Funny

    ...but interesting, too. ;)

    Designing Software With Piracy in Mind

  4. Re:A concrete example for Gmail by RAMMS+EIN · · Score: 4, Insightful

    That might work for you if you keep your computer on and connected to the Internet at all times. Back in the day, people used web mail exactly because they didn't have a computer that was always connected to the 'net. If you do have a computer that is always on, you have no use for gmail. Just host your mail on your computer and you _will_ be in control, not just with respect to privacy, but also about the interface, supported protocols, encryption, filtering; everything.

    --
    Please correct me if I got my facts wrong.
  5. Re:Privacy by RAMMS+EIN · · Score: 4, Interesting

    So, perhaps you can explain to us all exactly why privacy is so important. The whole story, because I'm sure we've all seen bits and pieces before. What exactly is the risk in letting some organization know everything about everyone? Would the same risk exist if everybody knew everything about everyone? Is the only organization we need to be afraid of the government, or are there others? What are the different kinds of information we need to be concerned about, and what are their relative values? If you could gain a hundred dollars by it, what would you be willing to give up? A million dollars? Your living expenses covered for the rest of your life? What information would you never want to give up, no matter what the reward? Does it depend in any way on societal taboos? If so, isn't the real problem the taboos, not the availability of information? Wouldn't the taboos disappear once we knew, for example, how many people really had visited porn sites? If you did something illegal and the government knew, a malicious government could arrest you for it. A malicious government could also arrest you even if you had never done anything illegal. So what does it matter what the government knows? Etc.

    --
    Please correct me if I got my facts wrong.
  6. Re:A concrete example for Gmail by noidentity · · Score: 4, Insightful

    You do realize that e-mail is sent in cleartext the whole way, don't you?