OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pbd-se message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Snowden Calls On Developers To Champion Privacy By Design (PbD)

YES, of course you all know this!!!

As privacy does indeed matter... as it's not about secrecy (e.g., I have nothing to hide...), but anonymity of decisions -- YOURS!


As some know, this is what our Cyber Model for PbD will facilitate - With existing products that will make this work now (to a large extent...)...    both for USERs and companies mandated to protect privacy under current statutes.. be they PII, HIPAA, CPI, etc..  Leveraging the OASIS SW SE PbD specs, etc..  (and our approach will work in more global / EU environments as well..)


We're submitting a DHS white paper iso of their BAA proposals on same.. to help integrate the it all in a "SoS" environment....  see below info




Snowden Calls On Developers To Champion Privacy By Design (PbD)


Speaking at the Hope X conference taking place in New York this weekend, NSA whistleblower Edward Snowden put out a call for developers to build systems that protect privacy and constitutional rights by design. He also revealed his own intention to work on developing privacy protecting technology. Responding to a question about what people working in technology can do to counteract dragnet, overreaching surveillance, Snowden said encryption is an “important first step”. But he added that simply securing the content of communications is not in itself enough. New privacy-protecting protocols and infrastructures need to be designed.   “It doesn’t end at encryption it starts at encryption,” said Snowden. “Encryption protects the content but we forget about associations…   ETC..  ...  more in article

(AND these 'associations" include the hard parts, security policy methods and automation therein.. supporting various privacy profiles / avatars...)





We continue to advance our Cyber Model For PbD (abbreviated now as “C4P”)...;-))

We are submitting a white paper for a DHS BAA proposal on this very need... a C4P within an open privacy framework (OPF)


Specifically  -  HSHQDC-14-R-B0014 - Data Privacy Technologies Research and Development


+++ See our initial draft CPF  brief at link below.

An updated version will follow soon, as we've finessed it a lot more from our DHS white paper efforts.. on our  C4P and OPF approach




+++ FYSA - Our DHS white paper summary is (still a draft):

Privacy is a simple concept but complex endeavor to protect. Privacy definitions are equally diverse, where the related requirements are naturally diffuse, varied, complex and change depending on where your data resides – city, state, country (for example, the USA laws are relatively weak and European Union enforcement is much stricter). Thus lacking common, ubiquitous privacy requirements, few (if any) implementation level, definitive privacy specifications exist for developers to build privacy enhancing technologies (PET).  Chances are if you don’t have a chief privacy officer or data protection officer, your organization is lacking in protecting critical data, let alone all the laws and statutory regulations dealing with privacy (e.g., PII, HIPAA, CPI, audit, compliance, etc.). 

So how does one start to protect critical data and associated privacy aspects with many of the privacy environmental variables themselves in flux?  We need a global privacy framework to design and measure to within a unified, integrated open privacy enterprise architecture (EA). Given the varied privacy requirements, we developed our cyber model for privacy around the seven major principles in the existing, international Privacy by Design (PbD) initiative (also mapping the seven principles to the NIST 800-53a Appendix J’s 24 privacy controls therein). Thus our cyber model for PbD (C4P) will inherently address the major privacy protection and control aspects from the start, eventually encapsulating the data security attributes and making them relatively agnostic to the ongoing global privacy environment churn.

Current PET methods are generally device centric and not integrated as part of an overall enterprise systems of systems (SoS) architecture foundation. Hence current privacy products and services cannot work in multiple environments or scale – in a continuum from one end device to another, likely different, end device. The essence of our C4P approach is to develop an open privacy foundation EA using a service-based “platform as a service” cloud construct applying data-centric security methods which are integrated into a SoS EA using existing commercial products (COTs). The proposal is to integrate these initial COTs abilities into a fully functioning, enterprise, end-to-end, privacy platform by developing and documenting a common open privacy framework (OPF); thus enabling plug and play privacy capabilities to enhance usability, reuse, and innovation insertion within a trusted environment.  Our OPF framework leverages, aligns with and is integrated with NIST’s RMF (Risk Management Framework) and CSF (CyberSecurity Framework) for a balanced foundational approach.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]