Shostack + Friends Blog Archive

 

My Privacy Enhancing Technologies talk

At the Privacy Enhancing Technologies workshop, there is a ‘rump’ session, designed for work that’s not of sufficient quality to make it into the workshop. (And given that the workshop now has a 20% acceptance rate, there’s some pretty interesting stuff that doesn’t make it in.)

I didn’t use it for that; I used it to share an idea with the attendees. And that is that losses of control of personal information are being reported on not as privacy stories, but as security stories. I’m hoping that we’ll see more on privacy in these stories, and exhorted people to pay attention to that aspect in “Privacy Enhancing Technologies and Breach Disclosures.”

2 comments on "My Privacy Enhancing Technologies talk"

  • Adam,
    Nice presentation. I think what is interesting is how little we talk about preserving privacy as a fundamental technology design goal. Even within secure development methodologies such as the SDL there isn’t a lot of time given to fundamental design decisions that impact privacy. The goal is to protect privacy but I don’t see a lot of focus on good/bad solutions to problems that do and don’t protect privacy.
    The best talk I ever saw on this was one that Ian Goldberg did back at Usenix Security in 2000. The title was “Privacy-Degrading Technologies: How Not to Build the Future”.
    The focus was on how fundamental design choices lead to privacy protection or the opposite, and we need to understand the options and make the right choice when we build something because it’s in the architecture thereafter.
    Does anyone else find it humorous that Google was one of the sponsors of the recent conference? 🙂

  • Aoi says:

    Good thoughts. Technology is not “privacy neutral” but generally drives down privacy levels. It’s an uphill battle at all levels for PET. But the weakest link remains and will likely continue to be people. The average person does not understand passwords, user authentication, wireless, or even rewards cards. So any PET solution has to keep in mind what everyday people do and how black hats of all types will attempt to circumvent or subvert it. Hope to read more about both the 80% and the 20%.
