Talking at a sports arena in the middle of St. Petersburg, Russia, the chief data scientist of IBM Corp.’s entity analytics group describes how his software will anonymize personal information, making it impervious to a data breach.
It uses a one-way hash, Jeff Jonas says. “If I took a pig and took a grinder and made a sausage, then I gave you the sausage and the grinder, could you make a pig?”
He’s talking about G2, his “sense making engine.” The software development platform is coming up on its three-year anniversary and is about to be updated; the data anonymizer is just one of the features being added. Right from the outset of planning the software (one year with pencil and paper alone), Jonas has integrated privacy protections into his software architecture. While the software’s main purpose is to put the puzzle pieces of data together, evaluating each new piece in the face of the bigger context, it is also built to enshrine personal privacy.
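The sausage-and-grinder idea above, as an added illustration rather than IBM’s or G2’s own code: personal fields are replaced by one-way tokens that can still be compared for matching. The secret key (HMAC) and the normalization step are assumptions not stated in the article; the key is what keeps a low-entropy field such as a phone number from being recovered by hashing every candidate value.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Constructed example, not G2's implementation. A keyed one-way hash
# (HMAC-SHA256) stands in for each personal field. Records can still be
# matched (equal tokens mean equal values) but the original values are
# never stored. The key is an assumption the article does not mention:
# without it, anyone holding the "grinder" could hash every plausible
# phone number or name and rebuild the "pig".

def normalize(value: str) -> str:
    """Canonicalize spelling so trivially different forms match."""
    text = unicodedata.normalize("NFKC", value)
    return " ".join(text.casefold().split())

def anonymize(field: str, value: str, key: bytes) -> str:
    """Return a hex token for one personal field of one record."""
    # The field name is mixed in so a name and a phone number that
    # happen to share a value do not produce the same token.
    msg = f"{field}\x1f{normalize(value)}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def anonymize_record(record: dict, key: bytes, pii_fields: set) -> dict:
    """Replace every PII field with its token; other fields stay as-is."""
    return {
        k: anonymize(k, v, key) if k in pii_fields else v
        for k, v in record.items()
    }

def same_person(rec_a: dict, rec_b: dict, field: str) -> bool:
    """Two anonymized records match on a field iff their tokens are equal."""
    return hmac.compare_digest(rec_a[field], rec_b[field])

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # held only by the token issuer
    pii = {"name", "phone"}
    a = anonymize_record({"name": "Jeff  Jonas", "phone": "555-0100",
                          "src": "casino"}, key, pii)
    b = anonymize_record({"name": "jeff jonas", "phone": "555-0199",
                          "src": "hotel"}, key, pii)
    print(same_person(a, b, "name"), same_person(a, b, "phone"))
```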
Jonas wasn’t always a privacy advocate. By his own description, before 2001 he “had no clue whatsoever” about privacy. Between 2001 and 2006, running Systems Research & Development (before it was acquired by IBM) that serviced casinos with relational data software, Jonas designed privacy module add-ons for his software that customers would have to pay more for. Then he met Ann Cavoukian, the Information and Privacy Commissioner of Ontario.
He was inspired by Cavoukian’s message and at the 2011 Privacy by Design conference he delivered a presentation, “Confessions of an Architect,” detailing his embrace of the commissioner’s privacy framework. In 2012, he co-authored a paper with Cavoukian, “Privacy by Design in the Age of Big Data.”
“You do something that you really think is your best work and then you run into something later and you realize ‘Oh, I could have done it better,’” he says.
Jonas isn’t the first technology architect or influencer to adopt privacy by design. The framework has been recognized internationally as a best practice. In October 2010 the International Data Protection and Privacy Commissioners recognized it in a vote as an “essential component of fundamental privacy protection.” It calls on organizations to adopt the seven principles of privacy by design and calls on data protection and privacy commissioners to promote it in their jurisdictions. The framework has been translated into 31 different languages.
An ambassadors program has attracted 21 organizations and a long list of individuals that includes the chief privacy officer of enterprise software firm Oracle Corp. and the global privacy officer of CPU maker Intel Corp. There’s an annual conference in Toronto every January that showcases how different firms have adopted privacy by design.
7 foundational principles of Privacy by Design
- Proactive, not reactive.
- Privacy as the default setting.
- Privacy embedded into design.
- Full functionality without trade-offs.
- End-to-end security.
- Visibility and transparency.
- Respect for user privacy.
In a word, Cavoukian describes the reception to her framework as “awesome.”
“When the leaders in the field like IBM embrace it, you know you’ve hit the jackpot,” she says. “The whole point of it was to put out the idea of putting privacy into the design, into the code. If you embed it from the outset then you can ensure your customer is embedded by default.”
In the digital age of Facebook, where a billion people volunteer their personal information to share with others, and PRISM, a data spying program targeting foreign nationals recently run by the U.S. National Security Agency, Cavoukian is fighting against the myth that privacy is dead. Too often, she believes, privacy is put forward as something that must be traded off to attain greater security or greater convenience.
“It’s a false dichotomy to say that it’s one or the other,” she says. “We don’t have to engage in these unnecessary trade offs. We can preserve our privacy and enjoy our technology well into the future.”
Toronto-based firm Route1 Inc. sees organizational security and protection of personal privacy as one and the same. It provides security and identity management solutions to enterprises, government, and military departments worldwide, and its customers include the Pentagon and the U.S. Department of Homeland Security. Its MobiKEY product is a USB fob that connects users via a VPN to their firewall-protected systems. It’s driver-free and client-less, leaving no trace of use on the computer used for access.
Already seeing privacy as important, Route1 saw a like-minded advocate in Cavoukian and an opportunity to improve business.
“It was clear to me that Ann was trying to build a brand that would help build our business in the province of Ontario,” says Route1 CEO Tony Busseri. “We’re fighting a large perception right now that the issue isn’t relevant to me, or if it is relevant, I don’t have the finances to do anything about it.”
He took note of Cavoukian for her response to an Elections Ontario data breach of voter information. Her message that data should never leave the network resonated with his company’s goal. There was also harmony in driving home a message to Ontario governmental bodies that have been in the news too often for leaking personal information. He sees attitudes towards privacy and data security in Ontario as behind the times. Route1 has an easier time selling to American firms than to its home base.
“We continue to listen to the message that if we want to do a better job protecting data, it’s going to cost us more,” Busseri says. “In reality, technologies that have better security have less cost overall.”
Jonas buys into that concept too. G2 is designed not only to get smarter with each piece of information added to the engine, but also to require less computational power to make decisions. Part of its information taxonomy will track when data records are touched and who touched them, even if it’s someone with administrator access.
“That means people that oversee the system can make sure it’s being used in accordance with the law,” he says. “If someone tampers with the data, it’s self-evident.”
That’s the type of end-to-end security that Cavoukian is talking about in her privacy by design principles. While her framework has seen international recognition, she still describes the field as nascent and continues to champion it in her work. Last year she traveled the world, advocating privacy by design to software engineers. She’s also partnered with Oracle on releasing theory papers about how privacy and security can be embedded in software systems. One was released in January, and another one will be published in August. It will coach engineers on how to embed it into their code.
Cavoukian is co-chairing a technical committee at the Organization for the Advancement of Structured Information Standards and hopes to have a guidebook for software engineers ready in eight to 10 months. She continues to work with her privacy by design ambassadors.
“These guys are thinking out of the box,” she says. “They’re thinking about how they can do creative technology and have privacy. It takes smart, innovative people to do it.”
Jonas is seeing privacy by design released into the wild as part of his G2 engine. It premiered in the newest version of IBM’s SPSS, a predictive analytics package. He’s guarded about where it will show up in IBM products next, but he’s planning some announcements around the third anniversary of the platform. As a convert to privacy by design, he’s also keen to help Cavoukian spread her message.
It’s best that a business start with privacy in mind, rather than try to build it in later, he says.
“Imagine you build a house and all you have left to do is paint it. Then you realize you want to make it easy to get out in a fire. Well there’s only so much you can do when you only have paint left.”