Sunday, 3 May 2015

Privacy Engineering on Wikipedia

I noticed that an entry for privacy engineering was missing on Wikipedia, so in the true traditions of Wikipedia I created it:

It is a bit sparse at the moment, but here's hoping that the privacy community adds material and the Gods of Wikipedia look favourably on the entry...

Friday, 1 May 2015

Goodbye Messenger

One of the first posts here was about NASA's Messenger probe to Mercury, and today its mission ended. Here's Messenger's final image and tip of the hat, or a beer or two to NASA's engineers!

Now it is just waiting for ESA's BepiColombo probe to arrive - it departs in January 2017, makes 2 fly-bys of Venus, 5 of Mercury before entering orbit in January 2024.

Thursday, 30 April 2015

Automating Privacy Compliance

I was at the 2015 meeting of the UK Ontology Network in Leeds earlier this month where, amongst many, there was a presentation about a tool called Sparqlycode - which if you get the chance you must check out!

Anyway, Paul Worral of Interition Ltd wrote a very nice summary of my work:

Ian Oliver [Nokia Networks, Espoo, Finland] presented Ontologies for Privacy.  The whole idea behind Sparqlycode is to provide an information tier for software that enables it to be linked to knowledge about the business.  Ian's work is a perfect example of this. He demonstrates how high-level policies on Personally Identifiable Information should and can be directly related to the code responsible for adhering to them. Ian has authored a book on the subject, Privacy Engineering. I bought it and hope to have some examples of how it can be applied to Sparqlycode soon.

I look forward to seeing how this works out, but it certainly is in the direction of where I hoped. It'll be very interesting to see how this particular approach matches with a more data-flow based modelling approach.

At UKON2015 there was also an extremely interesting presentation about a tool called TawnyOWL for programmatically generating ontologies. Given that Clojure is my current language of choice this seems a perfect fit for the privacy ontologies themselves.

Tuesday, 28 April 2015

Modelling Privacy

Here's a teaser from the next book on privacy. ETA late 2015, December - just in time for Christmas - if I work really hard!

It will compliment the existing book Privacy Engineering and build upon more of the data flow modelling, use of taxonomies and techniques for analysing models such as those from safety critical engineering, eg: FMEA, RCA etc.

In the meantime, Privacy Engineering is available from,, CreateSpace as well as Barnes and Noble and even book stores such as here in Finland.

Monday, 27 April 2015

Privacy Awareness Training

I had the pleasure of presenting at the IAPP's DPIntensive workshop in London this month. After my session I got to talk with many about how to move privacy forward beyond an insular group discussion properly towards the engineers whose job it is to build the systems that implement these privacy rules.

One thing that came up was the need for training and that privacy awareness training hasn't had the effect hoped for. Given that awareness training is exactly that, is it no surprise that once the, usually, one hour presentation on how we should all care about privacy is made nothing happens?

Primarily this is because awareness training is by its very nature very abstract at best and irrelevant at worst. Awareness training is also rarely followed up by more context relevant training, for example, for the software architects or programmers or marketers and so on.

There are various reasons for this, mainly, that to continue training in such a manner takes a great deal of effort to set up and comes with an interesting catch-22 problem: the privacy department/group/... probably doesn't have any engineers; which makes generating relevant training for engineers remarkably difficult.

Worse is that because of the current nature of privacy - it is primarily a legal discipline, albeit one trying to break through to engineering - very few engineers move towards or even into privacy.

One member of the audience at the DPIntensive workshop remarked on this stating that this was one of their biggest problems, especially as they had so much to learn from engineering.

The other major difficulty is that the structures that need to be put in place in order to translate between a legal discipline and an engineering one are undoubtedly complex. Consider a linguist trying to create a translation into an as yet not understood language: first one must understand the script, the syntactic structure and then the semantic ones - not to mention the whole problem of the pragmatic structures and idioms that exist before a degree of fluency is reached that makes translation or even basic conversation possible.

So, the problem with privacy awareness training is that it becomes almost impossible to follow up and continue beyond anything more than a broad, common denominator.

Such training however are fantastic for metrics ... make the training compulsory and you'll get 99% of the company taking the training - which normally lasts an hour, can be delivered by webcast or similar. Working with metrics and a delivery mechanism like that makes it an amazing vehicle for improving 'management' metrics. Which in this case are exactly the wrong metrics, at least from the point of view of the good of the company.

So next time you create a privacy awareness training consider :

  • whether that training is aimed at a particular audience, or it is broad and generic
  • how that training is to be followed up
  • what effects do you expect to see
  • measurement of must be made on what effects of the training actually went into practice
We can go further and ask what cultural changes happened due to the training, from the point of view of:
  • the programmers
  • the engineers
  • the overall R&D
  • the management
  • the marketing department
  • the legal department
  • the privacy group

Unless all of the above can be answered then the privacy awareness training will have no overall or lasting effect.

Monday, 6 April 2015

Quote of the Day about Truth

Emile Zola:

 “If you shut up truth and bury it under the ground, it will but grow, and gather to itself such explosive power that the day it bursts through it will blow up everything in its way.”

Saturday, 4 April 2015

2015 UK Election Leader TV Debate

Whether leadership debates are a good thing or not is itself a debate, however ITV's UK Leadership Debate with seven party leaders was held with the result that Miliband (Lab) "beat" Cameron (Con) by a small margin. YouGov made a survey of who do you think won the debate with the results as shown below (source: Guardian)

One thing however is not explained, and that is who was asked. Obviously if you'd polled in Ceredigion or Gwynedd then Wood (PC) would have won, if in Brighton then Bennet (Greens) and so on. However I assume that we could say that this was a representative sample from across the UK, but still it is going to be heavily weighted in favour of the national parties and then especially the two leading parties.

This got me thinking, as you can tell whatever you want with statistics - think of it as accountancy with more leeway - could the above figures be weighted according to the uk electorate, especially as two of the parties involved do not campaign outside of Wales or Scotland.

The electorate figures for England, Scotland and Wales for 2013 according to the Electoral Commission are 40,100,00, 4,100,00 and 2,300,00 (to nearest 100,000). Given this I think it is obvious that the above results are going to be skewed towards the established parties.

Furthermore the SNP are fairly well known and have a more 'national' or UK-wide agenda than Plaid Cymru who are much more focussed on Wales. Leanne Wood (PC) for example is standing as a member of the Welsh Parliament rather than Westminster. Welsh politics rarely feature outside of Wales, except for a strange incident back in 1997 (one, certainly for the conspiracy theorists). Ironically given the current constitutional issues since the Scottish independence vote, it has been Rhodri Morgan, leader of the Welsh Government who has been proposing ideas (even at EU level) of how the UK and Northern Ireland should be governed.

That given, the above figures on who "won" really should be taken much more in context of the audiences to which they are most relevant. The above is so much biased towards an English view - not that there's a problem with that - it does give a false impression to voters in Wales and Scotland. Furthermore, given the size of England and its electorate even the above figure does not truly represent England - how would it look in the context of Thanet versus Toxteth?

So getting back to how the leaders actually did in the debate, it would be best to take each individually, especially as each has very different leadership goals. Probably the best overview of each of the party leaders' performances was given by the Telegraph. Or as another put it, four out of touch public school boys taken to task by three women :-)

Sunday, 22 March 2015

Slowing Down Software Development

Stephen Wilson in his blog post Programming is like Playwriting (23 Feb 2011) which recently resurfaced via a Twitter conversation makes a few interesting points about how we write software and how the tools and speed of development cause some very interesting quality problems.

Coding is fast and furious. In a single day, a programmer can create a system probably more complex than an airport that takes more than 10,000 person-years to build. And software development is tremendous creative fun. Let's be honest: it's why the majority of programmers chose their craft in the first place.

Actually I found this statement ironic, especially in light of the Denver Airport Baggage System - which itself became far more complex than the rest of the airport's operations.

So, picking out two salient points:

We took our time. I was concerned that the CASE tools we introduced in the mid 90s might make code rather too easy to trot out, so at the same time I set a new rule that developers had toturn their workstations off for a whole day once a week, and work with pen and paper.
I worked a long while back in software-hardware co-design, to best understand the difference consider these situations:

Software - compilation and testing phases

$ vi myProg.c
$ gcc myProc.c
$ ./a.out

repeat multiple times per minute/hour as necessary. The cost of compiling and editing is measured only in man hours.

Hardware - compilation and testing phases

  • Send net list to TI,Phillips or whoever for ASIC manufacturer
  • Pay $1,000,000
  • Wait 3-6 months
  • Receive single ASIC in post
  • Test

Maybe the solution is that each compilation is charged per compilation? Actually I knew one developer that added sleep statements to his compilation scripts so that the act of compilation would become so 'expensive' that he spend much more time ensuring that the code worked before compilation.

My internal coding standard included a requirement that when starting a new module, developers write their comments before they write their code, and their comments had to describe ‘why’ not ‘what’. Code is all syntax; the meaning and intent of any software can only be found in the natural language comments.

Formal specification? Now whether you use B, Z, VDM or any of the other host of mathematical languages (and by the way, C, Java etc are mathematical languages in that sense) along with their tools and techniques is largely irrelevant, though for actually expressing the WHY and WHAT they are rather good at this!

We have had some excellent results regarding so called 'light-weight' usage of formal methods. The main learning however is not doing formal methods for the sake of doing formal methods but the fact that the communication and clarity of the requirements and subsequent code was much improved.


[1] Ian Oliver Experiences of Formal Methods in 'Conventional' Software and Systems Design. FACS 2007 Christmas Workshop: Formal Methods in Industry. BCS London, UK, 17 December 2007 

[2]  Ian Oliver Experiences of Formal Methods in 'Conventional' Software and Systems Design

Thursday, 19 March 2015

Messenger at Mercury .. the "end game"

A long time ago, and probably one of the reasons I started writing this blog, Messenger arrived, or more correctly made a fly-by of Mercury. Now after many years NASA plan some audacious manoeuvres before they finally crash Messenger into Mercury.

Sad to see Messenger's mission end, but the results have been amazing. You can read about the planned hovering and low passes at Science Daily.

Tuesday, 17 February 2015

IWPE2015 Keynote

I'm giving the keynote speech at IWPE2015 which is provisionally entitled

"Engineering Privacy as a Safety-Critical Concern"

I'll talk about some tools and techniques which we can use from other domains such as aviation and medicine and how privacy in software engineering is synonymous with safety in these other domains.

Conference details can be found from an earlier posting or via the link above. Conference date is 21st May 2015 and it will be held in conjunction with the 36th IEEE Symposium on Security and Privacy in San Jose, California.

Tuesday, 10 February 2015

Privacy Engineering Tutorial Session held in conjunction with IEEE TrustCom-15

Privacy Engineering Tutorial Session held in conjunction with IEEE TrustCom-15

August 20-22, 2015, Helsinki, Finland

Privacy from legal aspects through to engineering concepts has become a defining aspect of system design. Knowledge of how this relatively young and important area links together lawyers and engineers is critical to a proper implementation of privacy beyond mere lip-service and obscure privacy policies.

What would make this tutorial session unique is the presentation of the end-to-end privacy ‘process’ with examples drawn from industry demonstrating how Privacy-by-Design becomes Privacy Engineering with foundational aspects, tools and techniques, risk management, requirements management, checklists, auditing etc being properly integrated together.


Dr. Ian Oliver, Nokia, Finland
Michelle Dennedy, VP/Chief Privacy Officer, McAfee/Intel, US
Jonathan Fox, Director Data Privacy, McAfee/Intel, US


This tutorial will be held on the 20th of August 2015.


This tutorial session will be held in four parts and presented by the three organizers listed above.

  1. Legal Aspects of Privacy For Managers and Engineers(JF)
  2. Privacy Development in the Software Process (MD)
  3. Engineering Foundations of Privacy (IO)
  4. Guest Lectures
    1. Privacy at F-Secure, Antti Vaha-Sipila, F-Secure
    2. Privacy at Nokia, TBD
  5. Discussion (All)

The above sessions are supported by material in the following books:

  • The Privacy Engineer's Manifesto - Apress
  • Privacy Engineering: A dataflow and ontological approach - CreateSpace


Please direct enquiries and registration for the tutorial to Ian Oliver.

IW5GS2015 - The 1st International Workshop on 5G Security held in conjunction with IEEE TrustCom-15


The 1st International Workshop on 5G Security held in conjunction with IEEE TrustCom-15

August 20-22, 2015, Helsinki, Finland

There is a fast on-going change in the technical architectures and topologies of the Internet: in the near future 5G and next generation 4G/LTE network architectures will be based on or migrated to Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network operation, traffic management and introducing new and novel security challenges. Aspects such as security of orchestration, management functionality as well as surveillance and privacy are brought to the fore. At the same time they introduce new ways of dealing with attack prevention, management and recovery.

The one-day workshop will consist of papers, presentations and demonstrations on the subject of advanced network security. While primarily related to 5G networks, experiences from 4G/LTE, 3G and earlier, including case studies on practicalities of known attacks and novel attack vectors will be considered for acceptance. An invited keynote speech will be given setting out the overall area of security in network development and operations.

Scope and Interests
We solicit papers and demonstrations in the following areas related to 5G/LTE security:

  • Core Network Security
  • Cellular security
  • Device to Device (D2D)
  • Security Management and Orchestration of NFV and SDN elements
  • Terminal and Edge Computing Security
  • Malware and attack detection and prevention techniques, eg: machine learning
  • Authentication and Authorisation
  • Encryption protocols, eg: homomorphic encryption
  • Key Exchange, Storage and Protection
  • Content/Semantic processing, inc. anonymisation of (meta*-) data
  • Honeypot and Firewall Technologies
  • Protocol security: Diameter, SS7, BGP, etc
  • Physical Layer Security
  • Formal Specification and Analysis of Protocols and Attacks, eg: model checking etc.
  • Trusted Computing with NFV and SDN

Submission and Publication Information


Important Dates

Submission deadline: March 31, 2015
Authors notification: May 31, 2015
Camera-ready due: July 1, 2015
Registration: July 1, 2015

Program Co-Chairs

Dr. Ian Oliver, Nokia, Finland
Dr. Silke Holtmanns, Nokia, Finland

Program Committee

Dr. Rolf Blom (Security Researcher), SICS Security Lab, Sweden
Dr. Aidan Delaney, University of Brighton, UK
Tobias Engel (Security Expert), Sternraute, Germany (tbc)
Hannu Flinck (Senior Specialist in Internet Technologies), Nokia Networks, Finland
Dr. Martin Gerdes (Ph.D. Fellow), University of Agdar, Norway
Dr. Philip Ginzboorg (Senior Researcher), Huawei, Finland
Leo Hippalainen (Security Expert), Nokia Networks, Finland
Prof. John Howse, University of Brighton, UK
Prof. Theo Kanter, University of Stockholm, Sweden
Dr. Kari Kostiainen (Researcher), ETH Zürich, Switzerland
Dr. Ulrike Meyer (Security Expert), RWTH Aachen, Germany
Prof. Chris Mitchell, Royal Holloway, University of London, UK
Markus Miettinen (Research Assistant), University of Darmstadt, Germany
Dr. Martin Otto (Head of Cyber Security Research), Siemens AG, Germany
Dr. Anand Prasant (3GPP Security Chair), NEC, Japan
Peter Schneider (Senior Specialist Security Solutions), Nokia Networks, Germany
Prof. Taleb Tirak, Aalto University, Finland
Prof. Ralf Tönjes, University of Applied Science, Osnabrueck, Germany
Janne Uusilehto (Head of Security and Privacy), Microsoft Mobile, Finland
Prof. Thanh van Do, Telenor, Norway
Prof. Alf Zugenmaier, Munich University of Applied Science, Germany


Please email inquiries concerning the workshop to Ian Oliver and Silke Holtmanns.

Monday, 26 January 2015

Kings Cross,Trains and a Swiss Cheese

New Year's Resolution: write more .... and .... 26 days later....finally got around to it. So after a prolonged break and spending most of it reading upon topics from organizational failures, safety, privacy and a touch of homomorphic encryption, I came around this:

which is an exceptionally well written summary of the problems at King's Cross Railway Station after Christmas 2014 where overrunning engineering works blocked all long distance and commuter rail services out of one of the London busiest termini.

What actually started out as a fantastic opportunity to perform engineering work over a rare, four day holiday became the proverbial nightmare as works overran by 24 hours. As a relatively simple study in the Swiss Cheese model it provides a wealth of issues and examples of how the holes in the Swiss Cheese lined up as a large number of minor problems coalesced into a "disaster".

Despite meticulous planning and well rehearsed contingency and emergency plans, and even pre-emptive measures such as providing extra machinery and fitters to correct problems on-site it eventually came down to a lack of drivers for freight trains that finally provided the final hole in the Safety Swiss Cheese.

An excellent example of how things go wrong despite detailed planning. Of course it is easy to judge with 20/20 hindsight and see clearly that a number of known failure points were obvious, but like many of these cases at each point the situational awareness was for many reasons lacking. Funny how the same aspects occur here in engineering as well as medicine, aviation and of course privacy.

Wednesday, 3 December 2014

Category Theory and the Meaning of Life

I was warned many years ago, by more than one person, that dabbling in the dark arts of category theory only leads to, well, becoming a category theorist...

OK, I admit it, I've been playing with Spivak's Ologs for a while on an actual problem and I particularly like the insights, or at least structure it gives to certain problems. A long while back we even attempted to use CT on a definition for what MDA is.

Coming back to the present and category theory itself, I'm of the opinion that topology or at least topological thinking provides a very neat way of conceptualising and understanding many problems. At the moment my work is certainly deeply grounded in metric spaces and the like.

Given all this foundational work and the fact that CT is proposed by some to be the "true" foundation for mathematics. Take a look at John Baez's work on mathematics and biology/ecology for example.

So I wasn't too surprised when Amazon's suggestion engine made the same conclusion. This can not be a coincidence can it? I mean I buy books on science and mathematics but this particular juxtaposition of suggestions must have a deeper Amazon sentient I wonder?

Does this mean we have a functor between CT and spirituality?

Is '42' an initial or terminal object?

Or is the a deeper meaning in this suggestion:

Maybe that's it...."Category Theory?"...RUN AWAY. SAVE YOURSELVES POOR MAMMALS!

Note: This post contained humour!!!

Monday, 24 November 2014

CFP: TrustCom 2015

Helsinki, Finland, 20-22 August, 2015

With the rapid development and increasing complexity of computer systems and communication networks, user requirements for trust, security and privacy are becoming more and more demanding. Therefore, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. As a result, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention.

The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15) will be held in Helsinki, Finland on 20-22 August 2015. The conference aims at bringing together researchers and practitioners in the world working on trusted computing and communications, with regard to trust, security, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks, and providing a forum to present and discuss emerging ideas and trends in this highly challenging research field.

Accepted and presented papers will be included in the IEEE CPS Proceedings.
Distinguished papers presented at the conference, after further revision, will be recommended to high quality international journals.