Chapter 12. Enter the Privacy Engineer

Congratulations! If you’ve made it this far, you’ve hopefully designed and built a technology using some combination of the capabilities outlined in the previous chapters (and perhaps even a few innovations of your own). You slap a label on the box (actual or metaphorical), proudly declaring the technology to be “engineered for privacy.” Now you can turn your attention to other exciting matters, such as getting people to use it, confident that you have done your part to make privacy safe in an uncertain world.

Sadly, this is highly unlikely. Privacy is not something that can be fully addressed with a few architectural decisions made in the design phase alone. A commitment to privacy is an ongoing one, and as your technology grows and is adopted by more and more users in a variety of contexts, you will need to devote organizational resources to maintaining your commitment. Consequently, a key component of maintaining your privacy architecture is going to be an individual (or individuals) responsible for just that.

This requires a Privacy Engineer.

The Role of the Privacy Engineer

The concept of a Privacy Engineer is still very much in its infancy, so it may very well mean different things to different people. We define it broadly as the person (or persons) at your company responsible for ensuring your product is developed, built, and used in a manner consistent with your company’s privacy values. In short, if you have a vision for how your product is going to shape the world when it comes to individual privacy, then your Privacy Engineer (and her team) will be helping you implement that vision.

An effective Privacy Engineer is going to be integral to a significant portion of your organization’s activities. So, what does she do all day?

Product design

Privacy should be under discussion by your design team from as close to day one as possible. Once you have identified a concept and determined that the execution of your technology is going to require some interaction with personally identifiable information, then a Privacy Engineer should be at the whiteboard with the rest of your team, pitching privacy-protective designs into the mix as your technology takes shape. The Privacy Engineer should then maintain an ongoing close relationship with the design team, contributing to the continuing evolution of the technology throughout its lifespan.

Distribution strategy

How should you distribute your technology? If it’s a commercial product, to whom should you sell it? What distribution channels should you enter next? What new capabilities should you develop for your technology? The answers to these and other critical strategic questions should take privacy issues into consideration. Certain customers may be more or less open to using your technology based on privacy considerations. Legal regimes in some countries might make it difficult (or impossible) to use certain technologies. Evolving law, policy, or perceptions of privacy might suggest that certain designs are more advantageous than others (and may even create a competitive advantage for you over others in your sector). While your Privacy Engineer’s input may not often be the deciding factor in developing your distribution strategy, it can provide essential information that will lead to smarter decision-making.

Customer support

Until the magical day when every company has a Privacy Engineer, your Privacy Engineer will likely also be your customers’ Privacy Engineer. Having been intimately involved in every aspect of the design and having carefully thought through the assorted privacy imperatives affecting likely users of the technology, a Privacy Engineer can provide critical support to customers trying to use it in a privacy-protective manner. Ideally, your Privacy Engineer will function as a consultant, suggesting alternative ways to use the capabilities described throughout this book to enable the efficient operation of your technology while meeting assorted privacy requirements. This in turn helps your users use the product more effectively and sidestep potential legal violations or public controversy that might otherwise cripple your relationship with the customer and prevent them from further investment in your technology.

Marketing/user adoption

In an increasingly privacy-sensitive market, you will want to promote your privacy-enhancing features as a value-add for your technology. If you have invested the time and energy to design and build a privacy-protective technology, then you should make the promotion of those features a key part of your outreach to potential users. Your Privacy Engineer will know the key words and phrases that catch the eye of the privacy community and the public at large to help them identify products that address their privacy concerns. Your Privacy Engineer will also be able to identify clumsy phrasing that might unnecessarily spark privacy concerns that could undermine your promotion efforts.

Public relations privacy missteps can cause companies significant headaches. For example:

  • Following the infamous “wardrobe malfunction” suffered by Janet Jackson during her Super Bowl XXXVIII half-time performance, digital video recording provider TiVo released statistics declaring the incident to be the most-watched moment to date on its device, surprising many customers who may not have been fully aware that their own viewing activity was so closely tracked by the service provider.1

  • Uber, a transportation service provider that is accessed via individual smartphones, sparked controversy when it published analyses of its customers’ usage habits that indicated when they were likely engaging in “one-night stands.”2

  • In 2010, Microsoft executive Dennis Durkin suggested that images collected via the camera included in its Kinect gaming interface might be used to support targeted advertising to users. The company quickly denied any possibility that the technology would be used in this way.3

These and other similar incidents could be avoided by having a Privacy Engineer as a core component of any PR communications team.

Lobbying

Privacy Engineers should also work with your government lobbying team to ensure privacy messaging is a part of their outreach. While privacy is often not the highest-priority issue for policymakers, there are still a number of them who (thankfully) invest time and energy in engaging with privacy questions. Anticipating this interest when you know your technology raises privacy concerns can help you avoid a negative first impression that can be hard to correct (especially when dealing with busy policymakers with limited spare attention).

Additionally, you may need to lobby policymakers directly on privacy-focused statutes and regulations that could affect your product. You might also want to participate in ongoing legal cases (via legal action on your own behalf or through amicus briefs) whose outcomes could affect the privacy landscape in which you operate. This will require your Privacy Engineer to stay up-to-date on current events and the latest thinking in privacy theory in order to anticipate changes and engage in these ongoing discussions where necessary. This role is also not exclusive to self-interested advocacy. There is a dearth of technical knowledge in the policymaking community, and if your organization and your Privacy Engineer are playing an active role in the privacy world by providing expert technical advice, then not only are you enhancing your company’s reputation as smart on privacy but you are also making an overall positive contribution to society.

Other communications

In addition to policymakers, your Privacy Engineer should also be part of an effort to forge relationships with academia and the advocacy community. Many people in both areas are very interested in active engagement on privacy issues and are open to proactive outreach that begins a broader discussion around privacy. An open and frank dialogue can both reassure academics and advocates that your technology is privacy-friendly, and might even generate useful suggestions from these experts on ways to improve your technology and overall offering.

In some cases, academics and advocates may still ultimately determine that the privacy-utility cost-benefit analysis does not favor your technology and criticize it (and possibly lobby for regulations against its use). Nonetheless, your attempts at outreach are unlikely to be fruitless. First, by being transparent about what you are building and how it works, you can ensure that if there is criticism of your work then at least it’s based on fact rather than poorly informed perceptions of what you do gleaned from third parties. Second, the personal relationships between your Privacy Engineer and your critics can temper the potential for rabid demagoguery that might otherwise characterize criticisms of your organization. It’s much easier for critics to call a faceless corporate entity “evil” when they don’t actually know anyone who works there.

Legal support

Your Privacy Engineer is not your lawyer, but she should have a close relationship with your legal team. Privacy requirements will frequently be incorporated into contracts and other operating agreements (often quasi-masked as “security” provisions). The Privacy Engineer—who will be familiar with privacy law and policy and how your technology can be used to implement those requirements—will be able to provide valuable input into the negotiation of these clauses.

In many cases, negotiations over these provisions will be occurring between your Privacy Engineer and non-technical lawyers working for those who want to use your technology. These lawyers will not have been a part of the sales pitches, the development of any statement of work, or even necessarily any of the internal discussions of how to use the product that is being purchased. Consequently, they will have—at best—a vague understanding of how the product in question works, and they will likely be pushing for broad, “cover-your-ass” provisions in their contracts that provide the maximum shield for legal liability with no appreciation for the actual workings of your technology. Your Privacy Engineer will be able to translate your technical speak for these lawyers and help to negotiate contract provisions that are in the best interests of both parties and that are reasonably tailored to the specifics of how your technology actually functions.4

In addition, if your organization deals with any personal data (hint: if you have personnel that work for you, it does), then you need your Privacy Engineer to play a role in the development and implementation of your own internal privacy policy. While at the end of the day such a policy regarding your own data may be totally unrelated to the privacy issues that may be implicated in your product, your organization’s privacy policy is a visible representation of your overall commitment to privacy. Poor handling of personnel data, lack of adequate data security, a draconian and unnecessarily intrusive information security policy, and other internal privacy issues can undermine your image as a company that highly values privacy and has any expertise in the topic.

Employee education

Let’s be realistic—in a growing organization, almost no department is overstaffed or even adequately staffed, and your top priority will likely not be staffing your Privacy Engineering team. As a result, your Privacy Engineer is going to be stretched thin and as your organization grows she is going to be sorely pressed to maintain full situational awareness of every privacy-relevant activity. In order to ensure that potentially critical privacy issues are identified and addressed across your organization, you are going to need to incorporate privacy into your personnel’s core values so that they are sensitive to these issues and know when to seek out the Privacy Engineer. This requires extensive and ongoing education that your Privacy Engineer will need to develop and administer. New employee orientation will need to include a privacy component, and employees will need to be kept up-to-date on the latest developments in privacy and why they are relevant to their work.

Privacy Engineers: How to Find One

You may have noticed that we’ve just described someone with the skills of an engineer, marketer, business strategist, lawyer, lobbyist, and philosopher, among other capabilities. It’s a tall order. You are probably not going to be able to search LinkedIn for “privacy engineers” and discover a convenient list of possible candidates (although with luck that will change in the very near future). In some cases, you may not even be able to find a single individual to fill the role—you might need to assemble a team of people that as a whole possesses the requisite skillset to effectively play this role.

Your perfect Privacy Engineer (and her team) will probably be built gradually as they work for you. Consequently, you want to look for a set of core competencies that will grow and develop along with a deep understanding of your technology, your organization’s mission, and its privacy values. Those competencies, described in the following sections, should include at minimum:

  • Strong domain expertise

  • Ability to apply that expertise at a practical level

  • Expert communications skills

  • Solid engineering abilities

  • Tempered passion

Domain expertise

The legal and policy basis of privacy is lengthy and complex. Privacy law and policy cannot be broken down into a short set of easy guidelines, and privacy issues can lurk in unexpected places. Depending on the context in which your technology will operate, a Privacy Engineer might need to understand privacy law as it relates to law enforcement, government intelligence collection, health care, insurance, financial institutions, consumer rights, employment law (including rules for employee unionization), education, etc. Or, it’s possible your technology may generate an entirely new set of data or use data in a completely novel way, such that your Privacy Engineer needs to try to anticipate how privacy law might develop around this new case by analogizing it to any number of existing privacy laws (or more likely, some amalgamation of those laws).

Domain expertise encompasses more than just a broad understanding of the nuts and bolts of privacy law. Truly understanding privacy means understanding differing cultural perceptions of privacy as well, and if your organization is going to operate globally, then the Privacy Engineer will need to understand the law in these contexts in each country in which you are likely to operate. People in the United States value different aspects of privacy than people in France, Germany, or Japan. Knowledge of these distinctions is essential to being able to provide useful advice as to how to design and market privacy-implicating technology for government, business, or the general public in those countries. Different capabilities will be required to appropriately address different cultural imperatives, but identifying these imperatives will involve more than just understanding a laundry list of laws. Knowledge of historical context as well as privacy-related current events in countries that your business targets allows your Privacy Engineer to provide important advice regarding your operational environment.

Don’t spend a ton of time looking for a privacy savant with an eidetic memory. You are unlikely to find a candidate who is going to have all of this law memorized along with experience in all of these fields. It will be enough for your Privacy Engineer to at least be able to recognize when these particular contexts will apply to your work. When given a use case for your technology, your Privacy Engineer should be able to identify the various legal regimes that might apply, and know how to research those regimes to learn more about how they may affect your product. In some cases, cursory research is not going to be enough, so you should also make sure you hire someone who knows their limits and will seek out advice from subject-area experts.

Practical application

While you want solid domain expertise in your Privacy Engineer, you don’t want an academic. Privacy is a fascinating field and many people can wax philosophical about it at great length, but at the end of the day you are running an organization with a mission, not an 18th-century French salon. Once a Privacy Engineer identifies the law, policy, cultural, and other imperatives that might apply to your technology, she must then determine exactly what that means for your design, your regulatory obligations, your marketing, your government lobbying, your talent recruiting, and many other aspects of your business. In other words, you need someone who can take this domain expertise and translate it into practical advice for your organization.

As any quick survey of the general field of privacy will show you, this is not an easy skill to find. The great bulk of privacy expertise remains firmly ensconced in academia, where theoretical discussion is rich but application is thin. Academic works are a great place for someone to research and understand how the reasonable expectation of privacy standard for U.S. Fourth Amendment law has and will continue to develop, but few (if any) scholarly articles on the subject will provide a useful list of concrete technical features that should be a core component of, say, a social media analysis tool. Privacy advocates aren’t necessarily the right fit, either. While they tend to be more focused on the actual details of implementing privacy law and theory, and will certainly be more familiar with the operations of government organizations or corporate entities than academics, more often than not they focus on engendering legal and policy solutions that address privacy issues at large, rather than developing particular technological tweaks for specific applications. All this is not to say that practical-minded academics or advocates don’t exist. However, given the nature of those pursuits, there is simply less of a need for practical skills, and so those individuals tend to be less developed in this area.

The ideal Privacy Engineer will be someone who has experience actually building something that has had to operate according to some kind of parameters. Rather than seeing regulation as something that prohibits a particular technological innovation, she should see privacy-driven requirements for a particular capability as merely calling for additional features that address those requirements while still enabling the ultimate functionality. Consider the car. When engineers initially designed and built a car, they likely did not view the requirement that a car should be able to stop as something that hampered the design and therefore counseled against building a car at all. Just as braking is an essential component of any moving vehicle, so too should technical support for privacy protection be thought of as an essential component to any data-driven technology. A good Privacy Engineer will embrace this mentality.

Communication skills

By now you’re well aware that privacy is a complicated topic, and likely agree that the details of engineering could hardly be classified as easy to understand without considerable training. A Privacy Engineer sits at the nexus of multiple fields and must often serve as a conduit between the engineers and the lawyers, regulators, and privacy-interested public. Consequently, strong communication skills are essential in an effective Privacy Engineer.

Our experience as Privacy Engineers has shown us that there is sometimes a basic incompatibility between the matter-of-fact, straightforward engineering mindset and the squirrelly, spiral-staircase lawyer (or philosopher) mindset. Engineers live in a binary world of ones and zeroes, or it works/it doesn’t work dichotomies, and will often ask simply, “What is the right answer?” Lawyers and philosophers, trained to see an issue from all sides, are often loath to (or, less charitably, unable to) make such a stark declaration of the “right” solution, particularly with regard to the vaguely defined question of privacy. As a result, it’s important for Privacy Engineers to be able to provide engineers (and others) not steeped in the intricacies of the privacy debate with enough information to make an informed value judgment as to how their technology should address privacy concerns. They must be able to explain complex aspects of privacy law and policy in a concise, easy-to-understand way that helps engineers (and CEOs) decide on a specific course of action.

Engineering skills

As the title suggests, Privacy Engineering is more than just opining on legality, ethics, and media relations. Privacy Engineers are expected to actually contribute to the design and building of practical capabilities that meet privacy goals. An effective Privacy Engineer will need to be able to contribute to your design team at a technical level.

A policy expert who can write Java code or build SQL databases is difficult to find, but not impossible.5 However, short of such an individual, a strong Privacy Engineer will at least show some ability to understand the “under the hood” mechanics of your product. This will lead to better-informed practical advice from your Privacy Engineer, who can thus tailor her practical guidance to better accommodate what is and is not actually possible within the technical confines of the system.

As your organization grows and you begin to reap the benefits of privacy-conscious design choices, you should consider devoting more engineering resources (i.e., skilled coders) specifically to your Privacy Engineering team. The more technically proficient your Privacy Engineering team, the more likely they can provide significant value to your ultimate technology design. Privacy Engineers who can actually write code and build technical capabilities not only can contribute to essential capabilities but they can also focus on directly building privacy-enhancing features that, while not necessarily at the top of a user’s demand list, add significant value to the ultimate technology and may even contribute to your overall competitive advantage in a crowded marketplace.

Tempered passion

Privacy Engineering is a frustrating pursuit. Anyone who follows the ups and (mostly) downs of privacy in the modern age will know that when set against just about any other imperative, privacy loses. All too often, security trumps privacy, economic gain trumps privacy, and ease of use trumps privacy. When one benefit is often so clear and concrete and the other is so abstract, the abstract concept almost never prevails. This can even happen in the most privacy-conscious organization, where almost inevitably there will come a time when the desire to reach a mission-critical goal persuades decision-makers to opt for a course of action that falls short of what a privacy idealist would seek. Therefore, your Privacy Engineer needs to be able to handle losing a battle. A lot.

Maintaining zeal for the job requires a level of passion for privacy that remains undiminished in the face of the inevitable string of disappointments that a Privacy Engineer will face. Your Privacy Engineer needs to care so deeply about privacy that she can mount a passionate case for privacy against long odds and then lose that case with disappointing frequency. She must then be able to take that loss in stride while looking for constructive ways to contribute to the course of action ultimately taken by the organization. A good Privacy Engineer will care about privacy, but will also not threaten to resign every time the tide does not go her way.

Avoiding Privacy Tunnel Vision

Let’s say you now have a Privacy Engineer (or a few) working at your organization. They produce practical recommendations on how to address privacy issues in your technology. When you go to your Privacy Engineering team and ask for advice, they quickly and unanimously present you with a solution. This is great, right?

Wrong. Your Privacy Engineering team should be fighting with itself (politely, of course). Or, if you only have one Privacy Engineer, then you need to find someone able to challenge her. Privacy is difficult and nuanced, and if your Privacy Engineering team is offering you pat answers then you are probably missing vital perspectives that can only make your organization and your technology stronger. For example, does an employer have a right to monitor everything that its employees do using employer-provided equipment (computers, networks, email systems, etc.)? There is certainly no global consensus on this question, and as you develop your own internal policies and build technologies that might be used as part of an employee oversight program, you are going to want to hear all sides of the question. Consequently, you need a Privacy Engineer who can see and fairly present all sides of the issue or, more ideally, a couple of Privacy Engineers who will debate the issue and present you with differing perspectives to inform your decision.

You might also want to consider building a privacy-focused advisory board. This group should be composed of experts from varied backgrounds—academics, advocates, legal practitioners, former government officials, etc.—who can offer a variety of perspectives on difficult privacy questions that your organization may be facing. This group will be compensated, of course, but their primary livelihood will not depend on your company. This means they will be able to offer perspectives not colored by specific organizational interests. This “pure” privacy advice will be useful to you as you try to incorporate privacy into your broader decisions. This group can also be a good foil for your Privacy Engineers if they need additional voices to challenge their entrenched opinions.

Finally, your Privacy Engineers should take advantage of the many privacy-related events that take place around the world each year. These conferences gather experts on privacy from academia, advocacy, business, and government (both current and former officials), and they cover a myriad of privacy-related topics. From standard keynote speech-and-panel formats to more interactive paper workshops and problem-solving forums, these conferences present great opportunities for Privacy Engineers to keep up with current events and the latest trends in privacy theory as well as promoting (and getting feedback on) your own technical solutions to privacy challenges. In addition, the global privacy community is not particularly large, meaning that regular attendance at these conferences can be an excellent means of building important relationships with key players in the privacy field.

Conclusion

Privacy Engineers are an essential component for any organization that wants to succeed in building and selling a privacy-conscious technology. The combination of knowledge and skills necessary for a good Privacy Engineer is rare, meaning you will have to work hard to find and keep a skilled engineer. Nevertheless, you should make the effort, as your Privacy Engineers can provide a significant value-add for your organization and constitute a key factor in your ultimate success or failure.

1 Charny, Ben. “TiVo Watchers Uneasy after Post-Super Bowl Reports”. CNET. February 5, 2004.

2 Pagliery, Jose. “Uber Removes Racy Blog Posts on Prostitution, One-night Stands”. CNNMoney. November 25, 2014.

3 Gallagher, Dan. “Is Your Videogame Machine Watching You?”. Digits. November 11, 2010.

4 This is not to suggest that your Privacy Engineer should function in the place of your lawyer. Rather, she will support your lawyer in the fashioning of any legal agreement. Never negotiate an agreement—or anything, really—without a lawyer.

5 Programs like the University of Colorado’s Silicon Flatirons Center are beginning to produce an increasing number of individuals with this combination of skills.

6 Alternates between Berkeley and George Washington University. Search “privacy law scholars conference” for information about the latest conference.