DOCSLIB.ORG

Embedding Privacy Into Software Systems : a Privacy Engineering Methodology for Data Minimisation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Embedding Privacy Into Software Systems : a Privacy Engineering Methodology for Data Minimisation The University of New South Wales SCHOOL OF ENGINEERING AND INFORMATION TECHNOLOGY Embedding Privacy into Software Systems : A Privacy Engineering Methodology for Data Minimisation Awanthika Rasanjalee Senarath z5122081 A thesis submitted in fulfilment of the requirements for the degree of Doctor of Philosophy (Computer Science) December 2019 Supervised by Dr. Nalin Asanka Gamagedara Arachchilage External Supervisor Dr. Marthie Grobler Abstract Ubiquitous software systems (online shopping, social networking apps) to- day collect, store and process user data, such as users name, age, credit card number and location. If these systems collect unnecessary data, and store and share data without implementing privacy, data could be hacked and used to steal a users identity, or to cause reputation or/and financial loss to users. Therefore, systems should be designed taking privacy into account. Data Min- imisation (DM) is a privacy concept that is recognised in the European General Data Protection Directive, which shows that systems should minimise the col- lection and use of data in a system by design. However, the developers who design systems are not privacy experts. They are unable to implement DM in systems without guidance. Therefore, the research reported in this thesis focuses on developing a Privacy Engineering Methodology (PEM) that would enable developers to implement DM in software systems through understand- ing data privacy risks. Three experiments were conducted in this endeavour. The first experiment investigated the difficulties faced by developers when fol- lowing privacy concepts, similar to DM into their development practices. The findings showed that developers lacked knowledge on privacy concepts and that most concepts are not compatible with the way developers usually work. The second experiment investigated privacy risks associated with data in software systems. The results indicated that the sensitivity of data and the visibility of the data in a system were directly proportional to the data privacy risk, and the relevance of data to the system was inversely proportional to the data privacy risk. Knowledge from experiments one and two were used to develop a PEM that enables developers to practice DM through understanding the data privacy risks associated with data. The final experiment of the thesis inves- iii tigated the intention of software developers to use the PEM using a modified version of the Technology Acceptance Model (TAM). Results indicated that developers had a positive intention to use the PEM and that understanding data privacy risks enable developers to decide how to ensure user privacy in systems. Therefore, this thesis determines that data privacy risks could be used as an effective tool to enable software developers to practice DM. The thesis also encourages that common privacy theories should be presented as PEMs to enable developers to use them within their development practices. June 20, 2020 iv Publications The following publications are based on the research reported in this thesis. Table 1: Publications Publications [Ranking based on Impact CORE/ACPHIS/ABCD/ERA] Factor Senarath, A., Arachchilage, N. A. G., (2018), \Why developers can- N/A not embed privacy into software systems? An empirical investigation", In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018 (EASE'18). ACM, New York, NY, USA, 211-216. [Rank - A] [Best Paper Award]. Senarath, A., Arachchilage, N. A. G., (2019), \Will they use it or 2.103 not? Investigating Software Developers intention to follow Privacy En- gineering Methodologies", ACM Transactions on Privacy and Security (TOPS), ACM. [Rank - A] Senarath, A., Arachchilage, N. A. G., (2019), \Data Protection Reg- 2.849 ulations and Engineering Data Minimization for compliance.", Com- puters and Security, Elsevier. [Rank - A] Senarath, A., Arachchilage, N. A. G. 2018. Understanding Software N/A Developers' Approach towards Implementing Data Minimization, 4th Workshop on Security Information Workers at SOUPS, 2018. Senarath, A., Arachchilage, N. A. G. 2018. Understanding user pri- 3.714 vacy expectations: A software developers perspective, Telematics and Informatics, Volume 35, Issue 7, October 2018, pp 1845-1862. Senarath, A., Arachchilage, N. A. G. 2017. Understanding Organ- N/A isational Approach towards End User Privacy, Australian Conference on Information Systems, 2017. [Rank - A] Senarath, A., Arachchilage, N. A. G., Grobler, M., (2019), A model N/A for system developers to measure the privacy risk of data, 52nd Hawaii International, Conference on System Sciences (HICSS), January 2019. Senarath, A., Arachchilage, N. A. G., Slay J., (2017),Designing Pri- N/A vacy for You: A Practical Approach for User-Centric Privacy. Lecture Notes in Computer Science, Vol. 10292. Springer, Cham, 2017. Senarath, A., Arachchilage, N. A. G. (2020),The Unheard Story of N/A Organizational Motivations Towards User Privacy, Security, Privacy, and Forensics Issues in Big Data, January 2020. June 20, 2020 COPYRIGHT STATEMENT ‘I hereby grant the University of New South Wales or its agents a non-exclusive licence to archive and to make available (including to members of the public) my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known. I acknowledge that I retain all intellectual property rights which subsist in my thesis or dissertation, such as copyright and patent rights, subject to applicable law. I also retain the right to use all or part of my thesis or dissertation in future works (such as articles or books).’ ‘For any substantial portions of copyright material used in this thesis, written permission for use has been obtained, or the copyright material is removed from the final public version of the thesis.’ Signed ……………………………………………........................... Date …………………………………………….............................. AUTHENTICITY STATEMENT ‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis.’ Signed ……………………………………………........................... Date …………………………………………….............................. UNSW is supportive of candidates publishing their research results during their candidature as detailed in the UNSW Thesis Examination Procedure. Publications can be used in their thesis in lieu of a Chapter if: ● The candidate contributed greater than 50% of the content in the publication and is the “primary author”, ie. the candidate was responsible primarily for the planning, execution and preparation of the work for publication ● The candidate has approval to include the publication in their thesis in lieu of a Chapter from their supervisor and Postgraduate Coordinator. ● The publication is not subject to any obligations or contractual agreements with a third party that would constrain its inclusion in the thesis Please indicate whether this thesis contains published material or not: This thesis contains no publications, either published or submitted for publication ☐ (if this box is checked, you may delete all the material on page 2) Some of the work described in this thesis has been published and it has been X documented in the relevant Chapters with acknowledgement (if this box is checked, you may delete all the material on page 2) This thesis has publications (either published or submitted for publication) ☐ incorporated into it in lieu of a chapter and the details are presented below CANDIDATE’S DECLARATION I declare that: ● I have complied with the UNSW Thesis Examination Procedure ● where I have used a publication in lieu of a Chapter, the listed publication(s) below meet(s) the requirements to be included in the thesis. Candidate’s Name Signature Date (dd/mm/yy) ORIGINALITY STATEMENT ‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project's design and conception or in style, presentation and linguistic expression is acknowledged.’ Signed …………………………………………….............. Date …………………………………………….............. Surname/Family Name : Senarath Given Name/s : Awanthika Rasanjalee Abbreviation for degree as give in the University calendar : Faculty : School : Embedding Privacy into Software Systems : A PrivacyEngineering Thesis Title : Methodology for Data Minimisation Abstract 350 words maximum: (PLEASE TYPE) Ubiquitous software systems (online shopping, social networking apps) today collect, store and process user data, such as user’s name, age, credit card number and location. If these systems collect unnecessary data, and store and share data without implementing privacy, data could be hacked and used to steal a users’ identity, or to cause reputation or/and financial loss to users. Therefore, systems should be designed taking privacy into account. Data Minimisation (DM) is a privacy concept that is recognised in the European General Data Protection Directive, which shows that systems should minimise the
Load more

Recommended publications
  • National Privacy Research Strategy
    NATIONAL PRIVACY RESEARCH STRATEGY National Science and Technology Council Networking and Information Technology Research and Development Program June 2016 National Privacy Research Strategy About the National Science and Technology Council The National Science and Technology Council (NSTC) is the principal means by which the Executive Branch coordinates science and technology policy across the diverse entities that make up the Federal research and development (R&D) enterprise. One of the NSTC’s primary objectives is establishing clear national goals for Federal science and technology investments. The NSTC prepares R&D packages aimed at accomplishing multiple national goals. The NSTC’s work is organized under five committees: Environment, Natural Resources, and Sustainability; Homeland and National Security; Science, Technology, Engineering, and Mathematics (STEM) Education; Science; and Technology. Each of these committees oversees subcommittees and working groups that are focused on different aspects of science and technology. More information is available at www.whitehouse.gov/ostp/nstc. About the Office of Science and Technology Policy The Office of Science and Technology Policy (OSTP) was established by the National Science and Technology Policy, Organization, and Priorities Act of 1976. OSTP’s responsibilities include advising the President in policy formulation and budget development on questions in which science and technology are important elements; articulating the President’s science and technology policy and programs; and fostering strong partnerships among Federal, state, and local governments, and the scientific communities in industry and academia. The Director of OSTP also serves as Assistant to the President for Science and Technology and manages the NSTC. More information is available at www.whitehouse.gov/ostp.
    [Show full text]
  • Contribution to Study Period on Privacy Engineering Framework
    PReparing Industry to Privacy-by-design by supporting its Application in REsearch Contribution to Study Period on Privacy Engineering Framework Project: PRIPARE Project Number: ICT -6106 Title: Contribution to Study Period on Privacy Engineering Framework Version: v1.0 Part of the Seventh Date: 06/08/2015 Framework Programme Confidentiality: Public Funded by the EC - DG CNECT Author/s: Antonio Kung, Christophe Jouvray (Trialog), Nicolas Notario, Alberto Crespo (Atos), Samuel Martin, José del Álamo (UPM), Carmela Troncoso (Gradiant). PRIPARE Contribution to Study Period on Privacy Engineering Framework v1.0 Table of Contents SUMMARY ..........................................................................................................4 LIST OF FIGURES ..................................................................................................5 ABBREVIATIONS AND DEFINITIONS .....................................................................5 1 INTRODUCTION ............................................................................................6 2 PRIVACY FRAMEWORK VERSUS PRIVACY ENGINEERING FRAMEWORK .........7 2.1 ABOUT FRAMEWORKS ................................................................................................ 7 2.2 POSITIONING PRIVACY ENGINEERING IN ORGANISATIONS..................................................... 7 2.3 WHY A PRIVACY ENGINEERING FRAMEWORK? ................................................................ 10 2.3.1 Need for Convergence of Terms..................................................................
    [Show full text]
  • Opening & Welcoming Remarks
    Tuesday, April 10 – Wednesday, April 11, 2018, Washington, DC Opening & Welcoming Remarks Speaker 1 Joe Bhatia, President and CEO, ANSI Welcoming Remarks from ANSI Joe Bhatia has been president and CEO of the American National Standards Institute (ANSI) since January 2006. He previously served as executive vice president and COO of the international group at Underwriters Laboratories (UL). Mr. Bhatia serves as vice chairman of the Industry Trade Advisory Committee on Standards and Technical Trade Barriers (ITAC 16), a joint program of the U.S. Department of Commerce and U.S. Trade Representative. He is a member of the International Organization for Standardization (ISO) Council and its Council Standing Committee on Finance, and holds a seat on the Oakton Community College Education Foundation Board. In 2017 he concluded his term as president of the Pan American Standards Commission (COPANT), where he also served as vice president for four years. Speaker 2 Christoph Winterhalter, Chairman of the Executive Board of DIN Welcoming Remarks from DIN After studying computer science at the University of Karlsruhe Winterhalter started his career at ABB. After assignments in Norway, USA and Germany he took over the business units robot automation and robotics products. In 2010 he became director of the German Research Center of ABB until he was promoted global Product Group manager heading ABB’s global Machinery Controls and Automation business and later Hub Business Manager Control Technologies. Since July 2016 he is Chairman of the Executive Board of DIN. Speaker 3 Thomas Sentko, Standards Manager, International of DKE Welcoming remarks from DKE 2 Thomas studied electrical engineering/telecommunications at the University of Applied Sciences Darmstadt and graduated with the degree Dipl.Ing.
    [Show full text]
  • Privacy Engineering for Social Networks
    UCAM-CL-TR-825 Technical Report ISSN 1476-2986 Number 825 Computer Laboratory Privacy engineering for social networks Jonathan Anderson December 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Jonathan Anderson This technical report is based on a dissertation submitted July 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Privacy engineering for social networks Jonathan Anderson In this dissertation, I enumerate several privacy problems in online social net- works (OSNs) and describe a system called Footlights that addresses them. Foot- lights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today’s centralised OSNs, but it does not trust centralised infrastructure to en- force security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users’ interactions with OSNs, providing real control over online sharing. I also demonstrate that today’s OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights’ storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year.
    [Show full text]
  • Predictability for Privacy in Data Driven Government
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Minnesota Law School Minnesota Journal of Law, Science & Technology Volume 20 Issue 1 Article 3 1-6-2019 Predictability for Privacy in Data Driven Government Jordan Blanke Mercer University Janine Hiller Virginia Tech Follow this and additional works at: https://scholarship.law.umn.edu/mjlst Part of the Administrative Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation Jordan Blanke & Janine Hiller, Predictability for Privacy in Data Driven Government, 20 MINN. J.L. SCI. & TECH. 32 (2018). Available at: https://scholarship.law.umn.edu/mjlst/vol20/iss1/3 The Minnesota Journal of Law, Science & Technology is published by the University of Minnesota Libraries Publishing. Predictability for Privacy in Data Driven Government Jordan M. Blanke* and Janine S. Hiller† Abstract The Deferred Action for Childhood Arrivals program (DACA) required individuals to provide a great deal of personal information in order to participate and remain in the United States legally; could information in the same system now be used for deportations? More broadly, how should systems of data that are created legitimately by United States agencies and compiled for one reason, be used for other reasons? The increasing emphasis on “smart cities” that use data to efficiently provide and plan for service delivery will require the integration of data from multiple government and non- government sources, in ways that citizens may not expect. There are increasing calls for the federal government to open up and share the data collected for one reason for use in additional, unrelated ways, and to combine that data with data collected by commercial, private entities.
    [Show full text]
  • Curriculum Vitae
    Daniel Smullen Curriculum Vitae “Don’t have good ideas if you aren’t willing to be responsible for them.” —Alan Perlis About Me I solve socio-technical problems using interdisciplinary research methods. I want to help the world to develop more usable, secure, privacy-preserving, trustworthy software. Education 2021 Doctor of Philosophy (Software Engineering), Carnegie Mellon University School of Computer Science, Pittsburgh. Institute for Software Research, Committee: Norman Sadeh (Chair), Lorrie Faith Cranor, Alessandro Acquisti, Rebecca Weiss (External, Mozilla), Yaxing Yao (External, UMBC) + My research is focused on Usable Privacy and Security, incorporating qualitative and quantitative (mixed-methods) methodologies seen in behavioral economics, user-centered design, requirements engineering, machine learning, and empirical software engineering. + My thesis investigates a broad cross section of privacy and security decisions in browsers and mobile apps; systematically assessing their effectiveness and manageability, exploring standardization, discussing public policy issues, and generalizability to other domains (e.g., Internet of Things). + My work demonstrates that when the settings are well-aligned with people’s mental models, machine learning can leverage the predictive power in models of more complex settings to help people manage their preferences more easily – this can effectively mitigate trade-offs between accuracy and increased user burden as settings proliferate. 2018 Master of Science (Software Engineering), Carnegie Mellon University, Pittsburgh, Institute for Software Research. 2014 Bachelor of Engineering (Honours, Software Engineering), Ontario Tech, Formerly: University of Ontario Institute of Technology, Oshawa, With Distinction. Academic Work Experience 2014 – Present PhD Candidate, Carnegie Mellon University, Pittsburgh, Institute for Software Research. 2017 – 2021 Research Advisor, Carnegie Mellon University, Pittsburgh, Institute for Software Research.
    [Show full text]
  • Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems
    Draft NIST Special Publication 800-160 VOLUME 2 Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems RON ROSS RICHARD GRAUBART DEBORAH BODEAU ROSALIE MCQUAID This document is a supporting publication to the NIST systems security engineering guidance provided in Special Publication 800-160, Volume 1. The content was specifically designed to PRE-RELEASE DRAFT be used with and to complement the flagship systems security NOT FOR DISTRIBUTION engineering publication to support organizations that require cyber resiliency as a property or characteristic of their systems. The goals, objectives, techniques, implementation approaches, and design principles that are described in this publication are an integral part of a cyber resiliency engineering framework and are applied in a life cycle-based systems engineering process. Draft NIST Special Publication 800-160 VOLUME 2 Systems Security Engineering Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems RON ROSS Computer Security Division National Institute of Standards and Technology RICHARD GRAUBART DEBORAH BODEAU ROSALIE MCQUAID Cyber Resiliency and Innovative Mission Engineering Department The MITRE Corporation March 2018 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology DRAFT NIST SP 800-160, VOLUME 2 SYSTEMS SECURITY ENGINEERING CYBER RESILIENCY CONSIDERATIONS FOR THE ENGINEERING OF TRUSTWORTHY SECURE SYSTEMS ________________________________________________________________________________________________________________________________________________ Authority This publication has been developed by the National Institute of Standards and Technology to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283.
    [Show full text]
  • FY2021 Supplement to the President's Budget for the Federal Networking
    THE NETWORKING & INFORMATION TECHNOLOGY RESEARCH & DEVELOPMENT PROGRAM SUPPLEMENT TO THE PRESIDENT’S FY2021 BUDGET Product of the SUBCOMMITTEE ON NETWORKING & INFORMATION TECHNOLOGY RESEARCH & DEVELOPMENT COMMITTEE ON SCIENCE & TECHNOLOGY ENTERPRISE of the NATIONAL SCIENCE & TECHNOLOGY COUNCIL AUGUST 14, 2020 Table of Contents 1. Introduction .................................................................................................................. 1 2. NITRD R&D Budgets by Agency and PCA, FYs 2019–2021 ...................................................... 7 Overview ........................................................................................................................................................ 7 Budget Charts ............................................................................................................................................... 7 Table 1. Agency Budgets by PCA, FYs 2019–2021 ........................................................................................ 8 Table 2. Agency Budgets by PCA for AI R&D, FYs 2019–2021 .................................................................... 10 Table 3. Agency Budgets for ACN R&D ....................................................................................................... 12 Budget Analysis ........................................................................................................................................... 12 3. Key Activities of the NITRD PCAs and IWGs .......................................................................
    [Show full text]
  • Privacy Engineering: Shaping an Emerging Field of Research and Practice
    IEEE SYMPOSIUM ON SECURITY AND PRIVACY Privacy Engineering: Shaping an Emerging Field of Research and Practice Seda Gürses | Princeton University Jose M. del Alamo | Universidad Politécnica de Madrid The emerging field of privacy engineering responds to the gap between research and practice, systematizing and evaluating approaches to capture and address privacy issues while engineering information systems. rivacy engineering is an emerging research frame- Symposium on Security and Privacy. IWPE provides a P work that focuses on designing, implementing, forum for those interested in tackling the gaps and chal- adapting, and evaluating theories, methods, techniques, lenges in privacy engineering. With its explicit focus on and tools to systematically capture and address privacy engineering techniques and its interdisciplinary program issues in the development of sociotechnical systems. committee with members from computer science, law, We primarily situate the field in software engineering policy, social sciences, humanities, and design, the work- yet expect it to build on an intradisciplinary foundation, shop complements existing venues that focus mainly on leveraging techniques and tools from various computer presenting privacy solutions, like the Symposium on science subdisciplines, such as security engineering, Usable Privacy and Security (https://cups.cs.cmu.edu human–computer interaction, and machine learning. /soups) or treat privacy as a subfield of security engi- Because law, societal norms, ethical conceptualizations, neering, like the Privacy Enhancing Technologies Sym- and technological advances inform privacy, the field is posium (https://petsymposium.org). also inevitably interdisciplinary. Furthermore, devel- The first iteration of the workshop attracted 47 -del oping a robust practice will benefit from knowledge egates from academia, industry, government, and civil of existing business practices as well as organizational society.
    [Show full text]
  • 2018–2019 Johns Hopkins Engineering for Professionals
    The Johns Hopkins University 3400 North Charles Street Engineering Baltimore, MD 21218 for Professionals Part-Time and Online Graduate Education in Engineering and Applied Sciences 2018–2019 Part-Time Graduate Programs ep.jhu.edu Dear Students, Technological advances occurring at a breathtaking pace are impacting every aspect of society. In this environment, the most successful engineers are those committed to seek- ing the resources they need to remain at the forefront of their professions. They know it is crucial not only to be well versed in the latest technologies, but also to understand how their fields are evolving, what the consequences of these changes will be, and the knowledge and skills they will need to remain ahead of the curve. The Whiting School of Engineering provides motivated working engineers around the world with the tools and experiences necessary to advance and deepen their educa- tions in ways that have a direct positive impact on their professional lives. The breadth of our degree and certificate programs, the real-world experience of our faculty, and our state-of-the-art instructional methods enable us to provide students with unparalleled opportunities—all of which come with the prestige and value of a Johns Hopkins education. Here, you will learn from instructors who are advancing and redefining their fields, including experienced professionals from the renowned Johns Hopkins Applied Physics Labora- tory, as well as outstanding members of the Johns Hopkins University faculty. These dedicated instructors understand how engineering joins the theoretical with the practical in order to implement solutions to today’s grand challeng- es, and they continually improve and update their course and project content to include the very latest in both the theoretical understanding and the applications of their areas of expertise.
    [Show full text]
  • Privacy Engineering: Proactively Embedding Privacy, by Design
    Privacy Engineering: Proactively Embedding Privacy, by Design January 2014 Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada Stuart Shapiro, Ph.D. R. Jason Cronk, Esq. MITRE Corporation Enterprivacy Consulting Group 416-326-3333 1-800-387-0073 2 Bloor Street East Fax: 416-325-9195 Suite 1400 Toronto, Ontario TTY (Teletypewriter): 416-325-7539 Information and Privacy Commissioner M4W 1A8 Website: www.ipc.on.ca Ontario, Canada Canada Privacy by Design: www.privacybydesign.ca Privacy Engineering: Proactively Embedding Privacy, by Design TABLE OF CONTENTS I. Introduction ...................................................................... 1 II. From FIPPs to PbD ............................................................. 2 III. What is Privacy Engineering? ............................................ 3 IV. Non-technical Considerations of Privacy ............................ 5 User-centric Design ................................................................................5 Mutuality of Expectations .........................................................................6 Behavioral Economics and Human Irrationality .........................................7 Proportionality ........................................................................................7 V. Risk Models ...................................................................... 8 VI. Risk Analysis ..................................................................... 9 Checklists and Privacy Impact Assessments ............................................
    [Show full text]
  • A Privacy Engineering Framework for the Internet of Things
    A Privacy Engineering Framework for the Internet of Things Antonio Kung1, Frank Kargl2, Santiago Suppan3, Jorge Cuellar4, Henrich C. Pöhls5, Adam Kapovits6, Nicolas Notario7, Yod Samuel Martin8 1 Trialog, Paris, France [email protected] 2 Ulm University, Ulm, Germany [email protected] 3,4 Siemens, Munich, Germany 3 [email protected] 4 [email protected] 5 University of Passau, Passau, Germany [email protected] 6 Eurescom, Heidelberg, Germany [email protected] 7 Atos, Madrid, Spain [email protected] 8 Universidad Politécnica de Madrid, Madrid, Spain [email protected] Abstract. This paper describes a privacy engineering framework for the Internet of Things (IoT). It shows how existing work and research on IoT privacy and on privacy engineering can be integrated into a set of foundational concepts that will help practice privacy engineering in the IoT. These concepts include privacy engineering objectives, privacy protection properties, privacy engineering principles, elicitation of requirements for privacy and design of associated features. The resulting framework makes the key difference between privacy engineering for IoT systems targeting data controllers, data processors and associated integrators, and privacy engineering for IoT subsystems, targeting suppliers. Keywords: Privacy-by-design, Internet of things, IoT system, IoT subsystem, Integrator, Supplier. 1 Introduction 1.1 The Internet of Things The Internet of Things (IoT) refers to smart devices, sensors, and actuators that are embedded in the physical world, connected to each other and to further computing resources, allowing applications and intelligent services to understand, track, and control almost anything in the physical world through standard communication networks.
    [Show full text]