CITP Luncheon Speaker Series - PET Sematary: Privacy’s Return from the Dead and the Rise of Privacy Engineering
Apr 5, 2016 12:30PM to 01:30PM
Department:Center for Information Technology Policy
Audience:Open to the Public
Seda Gürses, Postdoctoral Research Associate at CITP, Princeton University and an FWO fellow at COSIC, University of Leuven in Belgium
“The social proof of privacy’s irrelevance vanished, just like that. If Apple thinks that customers will buy its products because no one, not even Apple, can break into the data stored on them, what does it say about the privacy zeitgeist?” Cory Doctorow, Forget Apple’s fight with the FBI, The Guardian, 3/4/2016
The number of privacy debacles of the last years in social networks, web tracking, NSA/GCHQ surveillance, and mass scale breaches have been adding up. Contrary to claims that “privacy is dead”, the popularity of court cases with national and international implications, like Apple vs. FBI, are indicators that people around the world do care about their privacy, and the ambition to design and maintain systems that respond to relevant privacy issues can no longer be dismissed as “anti-progressivism”. However, assuming it is meant to be more than marketing, getting privacy right is challenging. The emerging field of privacy engineering responds to this challenge. It intends to address the gap between privacy research and and engineering practice by systematizing and evaluating methods, techniques and tools to capture and address privacy issues while engineering information systems. In addition, privacy engineering demands paying attention to the context in which these methods, techniques and tools can be applied, e.g., domain, type of organization, engineering expertise and practices, or software and hardware infrastructures.
This talk will first give an overview of the nascent field of privacy engineering. Preliminary results will then be presented from an ongoing empirical study on the impact of the shift from shrink wrap software to services and apps on software engineering practice. Instead of organizing around stable versions of client specific binaries released at longer time intervals, and installed on user owned devices, software provided as a service or in the form of apps tends toward continuous, networked and centrally controlled functionality. What kind of challenges does this shift to services and apps pose to computer science research on privacy? And, have computer scientists understood and responded to these challenges in the privacy solutions they develop?