Ideal for software engineers new to privacy, this book helps you examine privacy-protective information management architectures and their foundational components—building blocks that you can combine in many ways. Policymakers, academics, students, and advocates unfamiliar with the technical terrain will learn how these tools can help drive policies to maximize privacy protection.
Restrict access to data through a variety of application-level controls
Use security architectures to avoid creating a single point of trust in your systems
Explore federated architectures that let users retrieve and view data without compromising data security
Maintain and analyze audit logs as part of comprehensive system oversight
Examine case studies to learn how these building blocks help solve real problems
Understand the role and responsibilities of a Privacy Engineer for maintaining your privacy architecture
Chapter 1: What Is Privacy?
How to Think About Privacy
Why Privacy Is Important
Before You Get Started
Chapter 2: Personal Data and Privacy
Data Collection: Understanding Privacy’s First Frontier
Chapter 3: Case Studies in Data Collection
Google Street View WiFi: Inadvertent Over-Collection of Data
iPhone Location Database
Chapter 4: Information Security: Protecting Data from Unauthorized Access
InfoSec Best Practices for Privacy-Protected Systems
Access and Control: Controlling Authorized Data Access
Chapter 5: Security Architecture
Separating Roles, Separating Powers
Making Roles Secure
Chapter 6: Access Controls
Types of Access
Strengths and Weaknesses of Access Control
Access Controls and the Fair Information Practice Principles (FIPPs)
When to Use Access Controls
Chapter 7: Data Revelation
The Case for Data Revelation
Requirements of Data Revelation
Hybrid Revelation and Practical Scoping
Designing for Data Revelation
Strengths and Weaknesses of Data Revelation
Data Revelation and the Fair Information Practice Principles (FIPPs)
When to Use Data Revelation
Oversight: Holding Users and Systems Accountable
Chapter 8: Federated Systems
Asking Out and Being Asked
Strengths and Weaknesses of Federated Systems
Federated Systems and the Fair Information Practice Principles (FIPPs)
When to Use Federated Architecture
Chapter 9: Audit Logging
Why Are Audit Records Important?
But Auditing Is Easy, Right?
What Are the Challenges to Effective Auditing and How Do I Meet Them?
Audit Logging and the Fair Information Practice Principles (FIPPs)
Advanced Auditing Considerations
Chapter 10: Data Retention and Data Purging
What Is Data Retention?
Why Is Data Retention Important?
How to Set Retention and Purge Policies
So You Want to Purge Data. Now What?
Practical Steps of Data Retention
Data Retention, Purging, and the FIPPs
Putting It All Together
Chapter 11: Practical Applications and Use Cases
Use Case #1: Social Media Analysis
Use Case #2: Secure Messaging
Use Case #3: Automated License Plate Readers (ALPR)
Courtney Bowman has been working in the data analytics space for the last decade. After earning degrees in Physics and Philosophy at Stanford University, Courtney spent several years at Google working on quantitative analytics, auction design, and pricing strategy, where he developed a strong understanding of the intricacies of implementing data analytics algorithms and the attendant privacy challenges.
Drawing on that background and an appreciation of the need for value-oriented approaches to systems architecture and design in order to ensure privacy protections, Courtney joined Palantir Technologies in 2010 as an in-house Privacy and Civil Liberties specialist. In that role, he has developed extensive experience working with local and federal government agencies (including law enforcement, criminal justice, health and social services) to develop technology-driven solutions to information sharing and inter-agency cooperation in a manner that respects applicable privacy, security, and data integrity requirements. Courtney is an avid distance runner and cyclist. He resides in New York City with his increasingly unwieldy library of German literature and philosophy.
Ari Gesher is a technologist and software generalist who has split his career between systems engineering and software engineering. In his 17-year career, he’s worked at a number of startups, was the maintainer of the SourceForge.net open source software repository before the word ‘github’ even existed, and landed at Palantir as a very early engineer in 2006 (after dropping out of his undergrad education at the University of Illinois for a second time).
At Palantir, Ari started working on backend systems. His first feature was implementing the metadata tagging for Palantir’s platforms that is the foundation of all of their privacy-protective access controls. In his time at Palantir, he’s worked on both Palantir’s Philanthropic Engineering Team and the Privacy & Civil Liberties Team, as well as overseeing Palantir’s Open Source efforts. Today, when he gets a chance to code, he’s busy re-inventing himself in the UX domain, working as a rapid prototyper for Palantir’s Product Design team.
An actor, improv-comedian, and seasoned public speaker, Ari has branched out into speaking on and writing about all manner of technical topics, especially in the sphere of ‘big data’ and the limits of automated decision-making. He excels at decoding complex technical topics into a digestible form, drawing on a love of the history of computing as the lens through which to view the future. Ari has been featured at O’Reilly’s Strata Conference, The Lean Startup Conference, GigaOm Structure, MIT Technology Review’s EmTech Conference, Harvard Business School, the Institute for the Future’s Tech Horizons Conference, the Economist Future Technologies Summit, and PayPal’s TechXploration series.
Ari lives in Menlo Park, California (one of the birthplaces of the Internet) with his wife, Nicole, and their two small children.
Daniel Slate has worked at the nexus of privacy, technology, and security for the past six years. At one time a researcher for former cabinet-level national security officials, he has also worked as an engineering strategist and product manager for Palantir Technologies, where he focused on architecting privacy-safeguarding software for the international security community. He studied at Stanford University and splits his time between Northern California and Jerusalem.
The animal on the cover of The Architecture of Privacy is a six-banded armadillo (Euphractus sexcinctus), also known as the yellow armadillo. Native to South America, this species inhabits the savannahs and grasslands of Argentina, Bolivia, Brazil, Paraguay, Suriname, and Uruguay. The word armadillo means "little armored one" in Spanish, a reference to the bony plates that protect the animal's head and body.
E. sexcinctus is typically yellow or reddish-brown in color, with a pointed head, short legs, and six to eight movable bands between its armor plates. It is the second-largest armadillo species, measuring up to 30 inches long and weighing about 15 pounds. A close relative of both the sloth and the anteater, it has sharp claws that make it adept at digging burrows.
The yellow armadillo is omnivorous, subsisting mostly on plant matter as well as insects. Due to its poor eyesight, it relies on its keen sense of smell to locate food. It is also diurnal, in contrast to most other armadillo species.
Comments about O’Reilly’s The Architecture of Privacy:
This is a must-read for anyone interested in digital rights.
Bottom Line: Yes, I would recommend this to a friend
I am reading the early release edition which is only half complete, but O'Reilly emailed asking for a review.
The book is very introductory. It presents mostly high-level concepts and is focused mostly on internal controls. I was looking for more concrete ways to protect data against internal and external threats. There is a use cases section that has not been published yet. I'd love to see a very specific walkthrough of how a company like Anthem, which was recently breached, could have protected their customers' data better than it did. Were there architectural considerations that could have mitigated this, or how could encryption have been deployed, and if not, why?
Bottom Line: No, I would not recommend this to a friend