KARLSTAD UNIVERSITY Dr. Lothar Fritsch
IN5540 – Privacy by Design
Prof. Dr. Lothar Fritsch Oslo, 2021
Lothar Fritsch?
• Researcher in information security & privacy at KAU
• Academic teacher
• Focus:
Privacy and Identity Management, Cyber Security
INF5540 – Privacy by Design
Content:
This course is an introduction to information privacy and to its application in software design and maintenance. It covers the regulatory and philosophical foundations of privacy and data protection, technological aspects, and aspects of risk management and of software design and maintenance.
INF5540: Privacy by Design
Course material fully available on CANVAS
Bi-weekly lectures followed by case studies & student presentations
FLIPPED CLASSROOM approach: Students read/watch on-line course material BEFORE coming to the respective lecture session. Lecture will be interactive discussion of content and examples
Each student will – in a group of 3 students – write one home assignment that will be presented by the students in the case study sessions after the lecture.
There will be a final exam (digital, mandatory)
Group assignment
We’ll let you form groups of 3 students. Send me an e-mail (1 mail per group) with the names of your group members and your 1st, 2nd and 3rd choice of presentation topic from the schedule.
After each lecture session, 1-2 groups will receive a home assignment. The assignments will be handed in 2 weeks later as a written report – and it will get presented in the session after the next lecture.
Lecture modus
Off-campus, no meetings in lecture hall due to COVID-19 measures.
On-line course materials and reading lists
Presentations and group work space: Zoom
Privacy - history
”Right to be left alone”
Warren/Brandeis in 1890 in the USA.
Reaction to paparazzi intrusions in new media (press photography):
"Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right 'to be let alone'. Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that 'what is whispered in the closet shall be proclaimed from the house-tops.'"
Warren/Brandeis, "The Right to Privacy", 4 Harvard L.R. 193 (Dec. 15, 1890).
Accenture report: Building digital trust: The role of data ethics in the digital age, https://www.accenture.com/us-en/insight-data-ethics, accessed April 2018
Privacy - history
Portable punch card encoder. Museum für Kommunikation, Frankfurt am Main, Germany.
Privacy - history
«Racial components» classified in the census of 1938
Based on Scandinavian «racial biology» research about the superiority of the «purebred white race», developed at the Rasebiologisk institut in Uppsala, Sweden
Privacy - history
«Oversight with Hollerith's punch cards!»
Declaration of Human Rights, 1948
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation.
Everyone has the right to the protection of the law against such interference or attacks."
(Article 12, The Universal Declaration of Human Rights , 1948)
Bloustein (1964). "Inviolate personality" is the social value protected by privacy. "A man whose … conversation may be overheard at the will of another, whose marital and familial intimacies may be overseen at the will of another, is less of a man, has less human dignity, on that account."
Westin (1967) defines privacy as "the claim of individuals … to determine for themselves when, how, and to what extent information about them is communicated to others."
Fried (1968/1984). Privacy is the control we have over information about ourselves.
Breckenridge (1970). Privacy is the rightful claim of the individual to determine the extent to which he wishes to share of himself with others, and his control over the time, place and circumstances to communicate with others.
Altman (1975). "… boundary control mechanism for limiting information flows …" Primary (has control) … semi-public (moderate control) … public (no control).
Posner (1978). "… withholding and concealment of information … economic interest …" Thought of as property that can be bought and sold.
Gavison (1980). Privacy is the limitation of others' access to information about individuals. What constitutes limited access is three independent and irreducible elements: secrecy, anonymity, and solitude.
Schoeman (1984). Three categories: (i) privacy as a claim, entitlement, or right; (ii) privacy as a measure of control over information, intimacies, or access; and (iii) privacy as a state or condition of limited access to a person.
Privacy issues in information technology
Duality of privacy risks
Fritsch, L., Abie, H.: Towards a Research Road Map to the Management of Privacy Risks in Information Systems.
In: Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit, Lecture Notes in Informatics LNI 128, pp. 1-15. (2008)
Gesellschaft für Informatik, Bonn.
3rd party tracking
A screenshot of Lightbeam, an add-on for Firefox that lets you see what third-party sites you’ve connected to during your web browsing. After opening the front pages of Fox News, Buzzfeed, CNN, and The Washington Post, we’ve been connected to 206 third-party sites.
http://textcontex.web.unc.edu/2015/11/05/user-data-a-new-commodity-for-an-interconnected-age/
Data is the new oil … what about the oil spills?
Massive data collection, analysis and distribution capacity
”Big Data” promises near-magic self learning, knowledge-discovering and artificially intelligent computers – if they just get fed enough information.
Data leakage, data sabotage, espionage and poor data quality are serious threats
Hard to revert a ”data spill” once data has leaked, been stolen or published.
Potential for personal compromise as well as a threat to IT product vendors – or endangering national security and sovereignty
ENISA PIA Impact Levels
The European Union Agency For Network and Information Security (ENISA) has published guidelines for privacy risk assessment for Small and Medium Enterprises that contain guidance on privacy impact assessment focused on individual data subjects (chapter 3, page 19). There, four levels of privacy impact are defined:
LEVEL OF IMPACT – DESCRIPTION
Low – Individuals may encounter a few minor inconveniences, which they will overcome without any problem (time spent re-entering information, annoyances, irritations, etc.).
Medium – Individuals may encounter significant inconveniences, which they will be able to overcome despite a few difficulties (extra costs, denial of access to business services, fear, lack of understanding, stress, minor physical ailments, etc.).
High – Individuals may encounter significant consequences, which they should be able to overcome albeit with serious difficulties (misappropriation of funds, blacklisting by financial institutions, property damage, loss of employment, subpoena, worsening of health, etc.).
Very high – Individuals may encounter significant, or even irreversible, consequences which they may not overcome (inability to work, long-term psychological or physical ailments, death, etc.).
ENISA: Guidelines for SMEs on the security of personal data processing, December 2016, ISBN 978-92-9204-209-7, DOI 10.2824/867415, European Union Agency For Network and Information Security.
The World’s Biggest Data Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Privacy – VAL200 – Westerdals, Oslo
GDPR fines tracker
http://www.enforcementtracker.com/