
1 © Nokia 2016

Experiences in the Development and Usage of a Privacy Requirements Framework

Public

Dr. Ian Oliver

Security Research Group

Nokia Bell Labs, Finland

15 September 2016

RE’16 Beijing

Contents

• Introduction
• Ontology
• Requirements Framework
• Tool Support
• Practice
• Conclusions / Future work

Introduction

• Privacy is Important (allegedly)

• "Regulated": GDPR, Safe Harbour, Privacy Shield
• Telecommunication Law, Health, Financial Law, Child Protection
• National Security (LI)

• Behavioural Profiling...
• or we missed the singularity playing Pokemon Go...?

Lawyers & Engineers

• Legal meet Engineering, Engineering meet Legal...

Lawyers & Engineers

• Legal meet Engineering, Engineering meet Legal...

• Privacy Lawyer: "Do you collect any personal data/PII?"
• Engineer: "No"

Lawyers & Engineers

• Legal meet Engineering, Engineering meet Legal...

• Privacy Lawyer: "Do you collect any personal data/PII?"
• Engineer: "Yes"
• Privacy Lawyer: "You need to be compliant, here are the requirements:"

Lawyers & Engineers

• I'm not saying that this is an ontological problem but...

(Slide figure: "Privacy by Design" on one side, C++/Java/... on the other)

Ontologies – Information Type

Ontologies – Information Type

• Requirements
• Ontology & Semantics
• Modelling
• Metrics
• Culture

What's the semantics of an IP address?

Which interpretation(s) do you want? ...and when? ...and why?

Ontologies - Usage

Ontologies – Data Flow Modelling

Ontologies – Requirements Aspects

Requirements Framework

(Slide figure: the requirements matrix drawn on three axes x, y, z. More dimensions possible...)

Requirements Framework

Requirements Framework - Rules

• find(e, a, d) -> set(Req)
  • e – ontology element
  • a – requirement aspect
  • d – context

• Empty Results
• Refinement Properties

• Initial Population
• (Un-)necessity of a populated matrix
• Sparseness

• Formal Semantics
• Requirements text
• Requirements framework
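To make the find(e, a, d) rule concrete, here is an added Python illustration (not the deck's own tool, whose back-end is an RDF database): a constructed refinement ontology and a deliberately sparse matrix, showing how refinement lets a cell with no entry of its own inherit the requirements of a more general element, and how the empty results that remain are surfaced for review. The element names, aspects, contexts and requirement texts are all hypothetical.

```python
from typing import Dict, List, Set, Tuple

# Refinement relation of the information-type ontology, child -> parent.
# Constructed for this illustration; the deck's ID->LOC step is one such edge.
REFINES: Dict[str, str] = {
    "IPAddress": "Identifier",
    "DeviceID": "Identifier",
    "Location": "Identifier",
    "Identifier": "PersonalData",
}

# The requirements matrix, keyed by (element, aspect, context) and deliberately
# sparse: most cells are empty, as the deck reports for real projects.
MATRIX: Dict[Tuple[str, str, str], Set[str]] = {
    ("PersonalData", "Retention", "EU"): {"Define a retention period; delete on expiry"},
    ("Identifier", "Retention", "EU"): {"Pseudonymise before long-term storage"},
    ("Location", "Collection", "EU"): {"Obtain consent before collecting location"},
}

def elements() -> Set[str]:
    """Every element named in the ontology (children and parents)."""
    return set(REFINES) | set(REFINES.values())

def ancestors(e: str) -> List[str]:
    """Refinement chain upwards from e, most specific parent first."""
    chain: List[str] = []
    while e in REFINES:
        e = REFINES[e]
        chain.append(e)
    return chain

def find(e: str, a: str, d: str) -> Set[str]:
    """find(e, a, d) -> set(Req): requirements for element e, aspect a, context d.
    A requirement stated for a general element is inherited by its refinements,
    so the matrix only needs populating where a refinement adds something."""
    reqs: Set[str] = set()
    for elem in [e] + ancestors(e):
        reqs |= MATRIX.get((elem, a, d), set())
    return reqs

def empty_cells(a: str, d: str) -> Set[str]:
    """Elements whose find() result is empty for (a, d): the gaps a reviewer
    must classify as genuinely 'no requirement' rather than 'not yet populated'."""
    return {e for e in elements() if not find(e, a, d)}
```

With this structure, find("IPAddress", "Retention", "EU") returns both inherited requirements although no cell for IPAddress exists, while empty_cells("Collection", "EU") lists everything except Location.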

Tool Support

• Excel & Word

• Ontologies in OWL/RDF
• RDF Database back-end

• Individual projects extract a set of requirements and process locally
• local reasoning, e.g. ID->LOC
• Traceability, GORE

• Integration
• SDElements
• Jira

Practice

• Policy Level Requirements
• Formalisation of legal texts
• Surprisingly sparse and generic
• Interesting omissions

• Architectural Level
• Exceedingly sparse
• Patterns and reference to guideline material
• More accepted by engineers (language change)

• Post-priori requirements elicitation
• Resistance, "Agility", Education

• Over-constrainment (Retrenchment)
• Data Flow Modelling & Reasoning

Ian Oliver. Privacy Engineering: A Dataflow and Ontological Approach. CreateSpace / Amazon, ISBN 978-1497569713

Conclusions/Future Work

• Communication & Culture
• Safety-critical systems and Compliance

• Risk Management

• Privacy Metrics
• Ontologies => Metric Spaces; Refinement => Distance

• Formal Semantics
• Everything is an algebra/topological (metric) space
• Ontologise everything
• Ontology fragility is a myth

Ian Oliver and Yoan Miche (2016). On the Development of A Metric for Quality of Information Content over Anonymised Data-Sets. Quatic 2016, Lisbon, Portugal