PET Sematary: Privacy's return from the dead and the rise of Privacy Engineering
Seda Gürses, Princeton University
April 1, 2016 2:30pm, in DC 1304
"The social proof of privacy's irrelevance vanished, just like that. If Apple thinks that customers will buy its products because no one, not even Apple, can break into the data stored on them, what does it say about the privacy zeitgeist?" Cory Doctorow, Forget Apple's fight with the FBI, The Guardian, 3/4/2016
The number of privacy debacles of the last years in social networks, web tracking, NSA/GCHQ surveillance, and mass scale breaches have been adding up. The popularity of the Apple vs. FBI case is yet another indicator that people around the world do care about their privacy, and the ambition to design and maintain systems that respond to relevant privacy issues can no longer be dismissed as "anti-progressivism". However, assuming it is meant to be more than marketing, getting privacy right is challenging. The emerging field of privacy engineering responds to this challenge. It intends to address the gap between privacy research and and engineering practice by systematizing and evaluating methods, techniques and tools to capture and address privacy issues while engineering information systems. In addition, privacy engineering demands paying attention to the context in which these methods, techniques and tools can be applied, e.g., domain, type of organization, engineering expertise and practices, or software and hardware infrastructures.
In this talk, I will first give an overview of the nascent field of privacy engineering. I will then present preliminary results from an ongoing empirical study on the impact of the shift from shrink wrap software to services and apps on software engineering practice. Instead of organizing around stable versions released at longer time intervals, and stand-alone apps installed on user owned devices, software provided as a service or in the form of apps tends toward continuous, networked and centrally controlled functionality. What kind of challenges does this shift to services and apps pose to computer science research on privacy? And, have computer scientists understood and responded to these challenges in the privacy solutions they develop?
Seda Gürses is a Postdoctoral Research Associate at CITP, Princeton University and an FWO fellow at COSIC, University of Leuven in Belgium. She works on privacy and requirements engineering, privacy enhancing technologies and surveillance. Previously she was a post-doctoral fellow at MCC (NYU) and COSIC (KUL), after completing her PhD at the Department of Computer Science at the University of Leuven. For her current empirical project on the impact of Service Oriented Architectures on engineering practice Seda is collaborating with Joris Van Hoboken, Hadi Asghari and Richmond Wong. Together with Jose M. del Alamo she co-organizes the International Workshop on Privacy Engineering co-located with the IEEE Security and Privacy Conference.