Engineering Privacy by Design
gabriela ortizmichel on 16 Oct 13

Seda Gurses, Carmela Troncoso, and Claudia Diaz

Abstract: The design and implementation of privacy requirements in systems is a difficult problem and requires the translation of complex social, legal and ethical concerns into systems requirements. The concept of "privacy by design" has been proposed to serve as a guideline on how to address these concerns. "Privacy by design" consists of a number of principles that can be applied from the onset of systems development to mitigate privacy concerns and achieve data protection compliance. However, these principles remain vague and leave many open questions about their application when engineering systems. In this paper we show how starting from data minimization is a necessary and foundational first step to engineer systems in line with the principles of privacy by design. We first discuss what data minimization can mean from a security engineering perspective. We then present a summary of two case studies in which privacy is achieved by minimizing different types of data, according to the purpose of each application. First, we present a privacy-preserving ePetition system, in which users' privacy is guaranteed by hiding their identity from the provider while revealing their votes. Secondly, we study a road tolling system, in which users have to be identified for billing reasons and data minimization is applied to protect further sensitive information (in this case location information). The case studies make evident that the application of data minimization does not necessarily imply anonymity, but may also be achieved by means of concealing information related to identifiable individuals. In fact, different kinds of data minimization are possible, and each system requires careful crafting of data minimization best suited for its purpose. Most importantly, the two case studies underline that the interpretation of privacy by design principles requires specific engineering expertise [...]