missioner’s Office has published a number of studies and statements on how privacy can be designed into specific kinds of systems. One example is electronic (RFID-enabled) driver’s licenses, for which the inclusion of a built-in on/off switch is advocated, thereby providing individuals with direct, immediate, and dynamic control over whether the personal information embedded in the license can be remotely read or not. Such a mechanism would support several Fair Information Practices, most notably collecting personal information only with the knowledge and consent of the individual. This approach is clearly applicable as well to other kinds of RFID-enabled cards and documents carrying personal information.

Similar efforts have been sponsored by the U.K. Information Commissioner’s Office. This work has taken a somewhat more systemic perspective, looking less at the application of privacy by design to specific types of technology and more at how to effectively integrate privacy into the system development life cycle through measures such as privacy impact assessments and ‘practical’ privacy standards. It also emphasizes the potential role of privacy-enhancing technologies (PETs) that can be integrated with or into other systems. While some of these are oriented toward empowering individuals, others—which might more appropriately be labeled Enterprise PETs—are oriented toward supporting organizational stewardship of personal information.

However, state of the art is state of the art. Supporting the translation of abstract principles, models, and mechanisms into implementable requirements, turning this into a repeatable process, and embedding that process in the system development life cycle is no small matter. Security has been at it a lot longer than privacy, and it is still running into problems. But at least security has a significant repertoire of principles, models, and mechanisms; privacy has not really reached this stage yet.
Conclusion

So, if privacy by design is still a ways off, and security by design still leaves something to be desired, how do we get there from here? There’s little
doubt that appropriately trained engineers (including security engineers) are key to supporting the effective translation of principles, models, and mechanisms into system requirements. There doesn’t yet appear to be such a thing as a privacy engineer; given the relative paucity of models and mechanisms, that’s not too surprising. Until we build up the latter, we won’t have a sufficient basis for the former. For privacy by design to extend beyond a small circle of advocates and experts and become the state of practice, we’ll need both.

This will require recognition that there is a distinct and necessary technical discipline of privacy, just as there is a distinct and necessary technical discipline of security—even if neither is fully formed. If that can be accomplished, it will create a home and an incentive for the models and mechanisms privacy by design so badly needs.

This is not to minimize the difficulty of more effectively and consistently translating security’s body of knowledge (which is still incomplete) into implementable and robust requirements. Both security and privacy need to receive more explicit and directed attention than they often do as areas of research and education.

Security by design and privacy by design can be achieved only by design. We need a firmer grasp of the obvious.
Stuart S. Shapiro (s_shapiro@acm.org) is Principal Information Privacy and Security Engineer at The MITRE Corporation, Bedford, MA.

Copyright held by author.