Privacy by Design Moves Mainstream
Dr. Ann Cavoukian, Information and Privacy Commissioner for Ontario has promoted the concept of Privacy by Design (PbD) for several years. But what many people don’t realize is that PBD is an international standard, and that privacy can be addressed not as a tradeoff, but as a win-win, or positive outcome from smart developers.
Source: Ontario Information and Privacy Commission
Commissioner Cavoukian provides a clear and inspiring summary of the PBD, its growing global momentum and the core concepts behind it. Paraphrasing her words:
- “PBD has been around since the late ’90s. In 2010 it was unanimously adopted as a standard by an international group of privacy commissioners. Since then its been translated into 33 languages and become a global phenomenon.
- The industry has seen privacy from a dated, zero sum paradigm that is completely unacceptable and unnecessary. We need to transform this to a positive-sum paradigm where we can have both big privacy and big data gaining in positive increments.
- You as developers have to work creatively and innovatively. You have to be smart…but you are smart! I’ve talked with cryptographers and asked: Can you do this? And they said absolutely we just have to know about it at the design stage so we can build it in up front. We just have to be given notice.
- Users are happy to allow trusted companies to use their data once they’re consulted. The tradeoffs you have been asked to make are largely false, a false dichotomy. If you embrace privacy as a core functionality, if you follow PBD, you can make it a part of your business practices and and processes and you take great comfort in doing that because it will give you a competitive advantage that is sustainable over time.”
Source: Ontario Information and Privacy Commission
In other encouraging news:
- Commissioner Cavoukian cited an Associated Press survey finding that, for the first time ever, the majority, or 6 out of 10 Americans, rate privacy to be more important than security.
- As well as a free press on PRISM, America still has an independent judicial system, and one judge ruled that “NSA’s metadata collection almost certainly violates the Fourth Amendment.“
- A presidential panel led by Richard Clarke issued a December report proposing sweeping changes to NSA surveillance, including the concept of respect for non-U.S. as well U.S. citizens’ privacy.
Finally, from a Wall State Journal article, even the NSA has been thinking positive-sum (at least at one time in the past):
“.…former NSA officials say [a transition from mass to targeted surveillance] is certainly doable. “That’s exactly what we did,” says former NSA official Ed Loomis. “It’s not only feasible—the government threw away the software that did it.”
Mr. Loomis said he and his colleagues developed just such a program 15 years ago. It was designed to cheaply search an array of data sets—wherever they happened to be—without first importing all the data into an NSA-held system.
The program helped spies conduct targeted searches of large amounts of data and included a number of privacy protections that performed well in pilot tests. But the program, known as ThinThread, lost an internal bureaucratic fight and wasn’t deployed.”
Today, I sense “a shift in the Force.” A growing realization that, in Dr. Cavoukian’s words: “The tradeoffs you have been asked to make are largely false, a false dichotomy. If you embrace privacy as a core functionality, if you follow PBD, you can make it a part of your business practices and and processes and take great comfort in doing so because it will give you a competitive advantage sustainable over time.“