Saturday, 26 December 2015


At this time of year I'd like to make a serious public health announcement and make people aware of a strange, incurable, debilitating disease affecting the majority of people here in Finland at this time.

* * *

Kinkkumyrkytys (eng: hampoisoning)

A debilitating disease suffered around late December and sometimes early January by persons residing in Finland. Thought initially to be a genetic disease of the native Finnish population, it now appears to be some kind of virus that is transmitted to non-natives in that region.

The sufferer experiences symptoms of feeling too full, bloated and some nausea. It also causes the sufferer to lie or sit for extended periods of time; attempts to move or walk cause the above symptoms to become worse.

In a mechanism that is still unexplained the disease affects the vocal centres of the brain rendering the sufferer to emit grunts and be incapable of saying much more than simple sentences. Sufferers have been known to complain bitterly and say phrases such as "Ei ruokaa...", "Ei enää kinkkua taas...".

Curiously regardless of the nationality and language of the sufferer, these phrases are always in Finnish leading to speculation that this is some new class of neurological disorder. Because of the above utterances, it is believed that this is how the disease obtained its name.

In extreme cases the sufferer becomes a vegetable and can only blankly stare at contentless, bright, flashing pictures known as Finnish Christmas TV without comprehension for hours on end. In some serious cases people have been known to binge watch "Vain Elämä" - the prognosis in these cases is however extremely grave bordering on absolutely no hope at all.

Interestingly while sufferers have a complete aversion to roast ham at this time, other foods also cause the sufferers additional agony. These include: mätti (fish eggs), lipeäkala, joululimppu (Christmas bread), various kinds of "laatikko-" food including lanttu (swede), porkkana (carrot) and peruna (potato).

It has been suggested by some researchers that there may be a connection with excessive amounts of Christmas good consumed in Finland. However this research has been extensively denounced as being "pasta" - a Finnish term meaning "obviously not true you ignorant fool...pass me more ham and an extra helping of that lovely lanttulaatikko too!"

A secondary debate on whether lipeäkala is food or a chemical/biological weapon is tending towards the latter.

The symptoms of this disease continue for a number of days and the sufferer returns to full health quickly afterwards. However no immunity is gained and it is likely that the symptoms will reappear at the same time next year,

Some alternative therapists have suggested a treatment called "Tipaton tammikuu" involving consuming homoeopathic amounts of alcohol for a month. This rather dangerous and unethical therapy has been denounced as being "pasta".

Tuesday, 22 December 2015

100,000 page views

100,000 page views isn't huge...but for a blog that was meant to be a way of collecting links and thoughts and not really aimed at anyone in particular - though you might see a strong leaning to things such a privacy, astronomy, mathematics, computer science - I consider this to be quite a milestone.

And here it is, reached at 22:27 on 22 December 2015:

Nadolig Llawen
Hyvää Joulua
God Jul
Merry Christmas

Engineers for Privacy Professionals

As many discussions on this blog have pointed out, there is a mismatch between engineering and legal when it comes to privacy; one can even argue there's a mismatch between these two groups and privacy advocates too, but that's another story...

It is critical for anyone involved in privacy to understand that without the complete trust and involvement of the engineers who build the systems that are supposed to be compliant with whatever privacy policy exists, that compliance will be at best, fragile.

At the IAPP's DPIntensive meeting earlier this year I gave a presentation on the subject, here's the link to the slides.

The main learning is that unless engineering is an equal part in your privacy discussions then you're really just playing at compliance.

Privacy isn't just about privacy policies or long winded legal documents but about education, learning and understanding that everyone depends upon everyone else in order for your business to successfully (and legally!) function.

I wrote about how privacy should be taught earlier with the quote:

It often surprises me that many of the people advocating privacy don't actually understand the things that they're trying to keep private, specifically information. Indeed the terms data and information are used interchangeably and there is often little understanding of the actual nature and semantics of said, data and information.

This is also seen in how we train our staff in privacy aspects - with the dreaded "privacy awareness training":

One thing that came up was the need for training and that privacy awareness training hasn't had the effect hoped for. Given that awareness training is exactly that, is it no surprise that once the, usually, one hour presentation on how we should all care about privacy is made nothing happens?
Actually, everyone is acutely aware of privacy in the first place and privacy awareness training rapidly becomes an exercise in CYA - as security expert Bruce Schneier might have put it - and have no effect whatsoever on the overall quality of development, customer privacy and company culture.

I guess we're still pretty naive about privacy and unless we have a cultural change this naivety will come back to haunt us for a very, very long time with some awful business repercussions.

Monday, 21 December 2015

Books on suggestions

Need a good book on privacy? A Gift for Christmas, or even something for the New Year....follow this handy flowchart:

From Amazon (US, CA, UK, DE, etc etc...), Barnes and Noble and good booksellers near you...

Privacy Engineering
A dataflow and ontological approach

ISBN-13: 978-1497569713
ISBN-10: 1497569710
264 Pages, B/W on White Paper

Twitter Discussion on Privacy and Engineering

Related with the upcoming DSummit conference in Malmö in May I've been involved in a fascinating discussion on Twitter with some of the big privacy people there.

The main point being raised is the need for a proper dialog between engineers and lawyers. I think we've seen this before, but still it is not being properly addressed and until it is privacy will remain a compliance activity rooted in a tick-box mentality with dreadful repercussions.

One only needs to take a look at the potential penalties in the EU's GDPR ... a potential fine of 4% of global turnover for a privacy violation!

The crux of this is that if you want to construct systems with privacy as an aspect, it has to be a first class aspect of that system's design. That means privacy is under the collective responsibility of lawyers, engineers and management and not the sole preserve of any of these groups.

Belief in high-level privacy impact assessments and "compliance", and placing trust in a legalese privacy policy is woefully insufficient, not to mention from a business perspective one step short of insanity.

Unfortunately going beyond this is considered by some - and I've seen too many examples of this - to be difficult and unnecessary and that legal compliance - whatever that means - is enough...

As we move to a "BigData" future, the knowledge of basic data handling, quality and governance at both engineering and legal levels is critical - not just for privacy but for basic business reasons, including consumer trust and quality of product.

How to do this is not difficult, but it does require thinking and small, but extremely beneficial cultural change...
and here's a recommendation to get those principles into use:
You can start here:Privacy Engineering and A Privacy Engineer's Manifesto

Tuesday, 1 December 2015

More Data Breach Excuses

This particular case reported on the BBC has a nice excuse...
Adele tickets: Fans claim personal data has been breachedFans buying tickets for Adele's tour have told the BBC they were shown the address and credit card details of customers other than themselves.
But several fans said they saw other people's shopping baskets, including payment details, upon check out.
Ticketing company Songkick said due to the "extreme load" on the site some customers could see others' account details. It apologised for any "alarm".
"At no time was anyone able to access another person's password, nor their payment or credit card details (which are not retained by Songkick)," it said.

Friday, 20 November 2015

ABCDE....DevOps and Privacy, pt 2

Earlier I introduced the idea that DevOps, particularly in the area of privacy could take lessons from trauma medicine, particularly in taking on board ideas from ATLS.

This led to some further ideas about the relationships or analogies between disciplines - something we've already discussed before in the context of surgery, aviation and checklists.

As software engineering is being brought closer and closer to the metaphorical coal-face - we've moved away from requirements up-front to agile and now to "DevOps" where engineering and operations become the same thing we are starting to see the need to move to much more structured and disciplined teams of engineers. If this isn't happening then there are some serious cultural and management problems.

As this shift happens we have to develop techniques to deal with this - as already mentioned checklists and ATLS provide the necessary kind of structures.

By why ATLS in particular? Well, we can draw an analogy between DevOps and trauma medicine in that DevOps operates with extremely short time-scales and in an environment where fixes and patches need to be very quick and leave the system in a stable state where a longer-term patch can be made later.

DevOps is the ER of the software engineering world.

Thursday, 19 November 2015

Airmiles and Customer Service

I think we're all used to utterly rubbish customer service from airlines, especially if you have to fly in economy class. No food, no drink, Byzantine terms and conditions, cancellations and subsequent rebookings that cost money (!!!), cramped seating and paying for Wifi on board without refunds if it doesn't work. Oh and good luck if you want to speak to a human, either on the phone or at the airport

Some airlines still have a concept of customer service - SAS and Lufthansa as well as low cost challenger Norwegian at least treat passengers (sorry customers) with some degree of dignity.

I stopped flying Finnair years ago and switched my allegiance to Lufthansa and Norwegian, primary on price. When Norwegian want 600eur to fly a family to Gatwick from Helsinki while Finnair wanted over 2500eur (on a BA flight too!) with effectively the same ticketing terms and conditions. For long haul Lufthansa is my preferred airline - they serve wine and beer with the meal (all included in the price) and have the most professional and hard working cabin crew I've so far come across.

While none of the above are perfect - they could do a HUGE amount more to make the economy experience better - more on that another time.

But what really gets me is that if times are economically tough for airlines, how little they do to actually understand their customer. I mean I used to fly Finnair religiously - their customer service was excellent, food and drink on board, clean aircraft and you could change flights without being punished. Let's be honest here, Finnair were excellent, really, really excellent! I used to change whole itineraries to fly Finnair....

If you want customers then shouldn't you understand why customers aren't flying with you. Isn't this the whole point of customer loyalty programmes?

Below is my Finnair Plus statement - it's been that way for years and not once have I ever been asked why...

So privacy, security and other aspects aside, if you have a customer loyalty card of any sort and change your behaviour, eg: by stopping using that company's services and they never query why, then you were probably never getting any service anyway...

I used to have quite a tally of Finnair points, they all expired or were changed to some newer, more customer friendly scheme, for the benefits of the customer. I was never informed why or when, nor did anyone ever contact me about the change. For a customer loyalty programme you've got to admit that's pretty dire.

So, if you happen to work in the customer service dept of an airline and wish to discuss the above and how you can win me back as a customer, and a loyal one at that, let me know...

Tuesday, 3 November 2015

DevOps and the ABC(DE[FG]) of Privacy

Or maybe this should be called the ATLS of privacy perhaps?  ATLS, or Advanced Trauma Life Support is a training programme for dealing with medical trauma incidents and is typically used by first responders such as paramedics to an incident.

Now as we move to a DevOps oriented model - think of a highly integrated Agile with a "right now" delivery timescale - then the way we will have to react to compliance, privacy impact assessments, privacy engineering etc is going to be on the same kind of time-scale. Certainly if we are late or delayed with the PIA then the product is going to be shipped - with some interesting security and privacy consequences certainly!

So, I conjecture it makes sense that we bring our PIA/compliance activities not just to the engineering level but also to the speed of development and operations.

This means that the PIA is going to have to be extremely focused and very strictly run. Effectively we need the DevOps privacy version of the medical ABC.

The question then becomes what is the equivalent to the medical ABC?

As I've stated before, privacy can [must] learn a lot of things from medicine (and aviation) - such as checklists - in that they both work in very agile, unstructured and reactive environments. Privacy in a DevOps situation can not rely upon traditional compliance or work at the usual, relative glacial speed associated with such work.


Ian Oliver (2015). Privacy as a Safety Critical Concept. 1st International Workshop on Privacy Engineering. California. (Keynote Talk)

Ian Oliver (2014). Privacy Engineering: A Data Flow and Ontological Approach. CreateSpace. 978-1497569713 (see:  )

Monday, 2 November 2015

Second International Workshop on Privacy Engineering (IWPE'16)

Second International Workshop on Privacy Engineering (IWPE'16)
Co-located with 37th IEEE Symposium on Security and Privacy

26 May 2016 - The Fairmont, San Jose, CA



Deadline for abstract submission: 18 January 2016
Deadline for paper submission: 8 February 2016
Notification of acceptance: 22 February 2016
Accepted paper camera-ready: 3 March 2016 

We are pleased to invite you to participate in the Second International Workshop on Privacy Engineering (IWPE'16).

Privacy engineering research has never been a more timely endeavor. Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide are seeking to strengthen individuals’ privacy by introducing legal and organizational frameworks that personal data collectors and processors must follow. As a result, engineers are increasingly expected to build and maintain systems that preserve privacy and comply with data protection standards in different ICT domains (such as health, energy, transportation, social computing, law enforcement, and public services) and on different infrastructures and architectures (such as cloud, grid, or mobile computing).

Although there is a consensus on the benefits of an engineering approach to privacy, few concrete proposals exist for models, methodologies, techniques and tools to support engineers and organizations in this endeavor. Work that focuses on helping organizations and software developers to identify and adopt appropriate privacy engineering methods, techniques and tools in their daily practices is also missing. Furthermore, it is difficult to systematically evaluate whether the systems developed using privacy engineering methodologies comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements.

Clearly, more research is needed in developing methods that can help translate legal and normative concepts, as well as user expectations, into systems requirements. There is also a growing need for techniques and tools to support organizations and engineers in developing and maintaining (socio-)technical systems that meet these requirements. In an effort to close the gaps in research, the topics of IWPE'16 include all aspects of privacy engineering, ranging from its theoretical foundations, engineering approaches and support infrastructures to its practical application in projects of different scales.

Specifically, we are seeking the following kinds of papers:
  1.  technical solution papers that illustrate a novel formalism, method or other research finding with preliminary evaluation;
  2.  experience and practice papers that describe a case study, challenge or lessons learned in a specific domain;
  3.  early evaluations of tools and techniques that support engineering tasks in privacy requirements, design, implementation, testing, etc.;
  4.  interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods and frameworks; 
  5.  vision papers that take a clear position informed by evidence based on a thorough literature review.

IWPE’16 welcomes papers that focus on novel solutions based on recent developments in privacy engineering. Topics of interest include, but are not limited to:
  • Integrating law and policy compliance into the development process
  • Privacy impact assessment during software development
  • Privacy risk management models
  • Privacy breach recovery methods
  • Technical standards, heuristics and best practices for privacy engineering
  • Privacy engineering in technical standards
  • Privacy requirements elicitation and analysis methods
  • User privacy and data protection requirements
  • Management of privacy requirements with other system requirements
  • Privacy requirements implementation
  • Privacy engineering strategies and design patterns
  • Privacy-preserving architectures
  • Privacy engineering and databases
  • Privacy engineering in the context of interaction design and usability
  • Privacy testing and evaluation methods
  • Validation and verification of privacy requirements
  • Engineering of Privacy Enhancing Technologies (PETs)
  • Integration of PETs into systems
  • Models and approaches for the verification of privacy properties
  • Tools and formal languages supporting privacy engineering
  • Teaching and training privacy engineering
  • Adaptations of privacy engineering into specific software development processes
  • Pilots and real-world applications
  • Evaluation of privacy engineering methods, technologies and tools
  • Privacy engineering and accountability
  • Organizational, legal, political and economic aspects of privacy engineering

This topic list is not meant to be exhaustive, as IWPE'16 is interested in all aspects of privacy engineering. However, to screen out off-topic papers early in the review process, we request authors to submit an abstract prior to their paper submission. Abstracts of papers without a clear application to privacy engineering will be considered outside the scope of this workshop and may be rejected.



We solicit unpublished short position papers (up to 4 pages) and long papers reporting technical, research or industry experience (up to 8 pages) on all dimensions of the privacy engineering domain. Each paper, written in English, must follow IEEE Proceedings format. Submission of a paper should be regarded as a commitment that, should the paper be accepted, at least one of the authors will attend the workshop to present the paper.

Abstracts and papers must be submitted via EasyChair

All IWPE'16 Papers will be published in IEEE eXplore, which is indexed by EI Engineering Index, ISI Conference Proceedings Citation Index (CPCI-S), Scopus, etc.

Friday, 23 October 2015

Historial Navigation Techniques in the US Navy

This is an interesting development: a reintroduction of an "historical" technique to ostensibly address a problem introduced by a technology to make things simple(r).

The same techniques guided ancient Polynesians in the open Pacific and led Sir Ernest Shackleton to remote Antarctica, then oriented astronauts when Apollo 12 was disabled by lightning - the techniques of celestial navigation. 
A glimmer of the old lore has returned to the Naval Academy. 
Officials reinstated brief lessons in celestial navigation this year, nearly two decades after the full class was determined outdated and cut from the curriculum.
That decision, in the late 1990s, made national news and caused a stir among the old guard of navigators.
Maritime nostalgia, however, isn't behind the return.
Rather, the escalating threat of cyberattacks has led the Navy to dust off its tools to measure the angles of stars. 
After all, you can't hack a sextant.

Putting the political aspects of the GPS system aside, it is a single point of failure for navigation, at least until Galileo and GLONASS are properly supported by navigation devices. Furthermore, as the article mentions, the GPS system is open to attack from various vectors. The use of "legacy" (I love that word - It doesn't mean obsolete!) technologies such as the sextant address many of these issues.

For me the main thing here is that the sextant forces understanding of navigation - quite literally how coordinates are calculated which is something missing from GPS.

In other words, don't rely upon technology, or if you do, you'd better know how to drop back a level of automation...sounds is the basic premise of the 'Children of the Magenta' talk by American Airlines (see here for an earlier blog posting, the video might be available on YouTube somewhere).

Thursday, 22 October 2015

Tryweryn and Welsh Devolution

It has been fifty years since the flooding of the Tryweryn valley in Wales in order to create a reservoir for the city of Liverpool. This week also saw the publication of the planned reserved powers for the Welsh Assembly.

The planned reserved powers when coupled with the planned English Laws plan introduces an scenario where it becomes possible for English MPs to veto a Welsh Law in cases where there might be a perceived affect upon England. The reverse situation can not happen however.

This then raises all sorts of strange constitutional questions; such as does this invalidate the results of the 2011 referendum of law making powers for Wales?

Another point then in the definition of what sovereignty means.

If we place the above into the EU-UK then this becomes the heart of the debate about whether the UK should in in or out of the EU.

To give a more concrete example of the convoluted ideas of sovereignty and national responsibility there's the point made by John Elfed Jones, former chairman of Welsh Water that Wales should be allowed to sell its water to England. The analogy drawn between food and crops from eastern England and 'Scottish' oil should spawn a very interesting debate.

To finalise, we have confusion in the UK about what sovereignty and responsibility means. At one political-economic level we demand responsibility and sovereignty, but at others not at all. So where does the boundary exist between these concepts?


Wednesday, 21 October 2015

Happy Time Travelling Day

As today is the day when Marty McFly arrives in the future (or present as it is now - at least until tomorrow) I thought it might be fun to reference back to the only thing that makes Titanic a bearable film...the fact that it is a prequel to Terminator.

If Jack hadn't saved Rose then the ship would have turned around in search for her, thereby avoiding the collision with the iceberg...and all the things that would have entailed from that.

Obviously Jack's mission was to save Rose - presumably she's somehow related to Sarah Connor - and unfortunately 1500 people die in the collateral damage.

Don't believe me, go read the thread on Reddit 

I particularly like the idea that Jack is really The Doctor rescuing a relation to a future potential companion...Rose... :-)

Now scientists have searched for time travellers making comments on social media, apparently without success. But then again time travellers might have very strict rules about such seen in the 1992 film Timescape.

However there is evidence that Twitter featured on the cover of Amiga magazine in April 1988! Well, not quite..but you never know...

Anyway, next week's lottery numbers are 4,7,14,19,22,34 ... I think, sorry can't read my handwriting...

...oh, and I shouldn't say this, but next week James Cameron told me last week he was a time traveller....


Wednesday, 14 October 2015

Privacy Engineering Tutorial Slides (TrustCom)

Here are the publicly released slides from my privacy engineering tutorial given at TrustCom 2015 in Helsinki earlier this year.

The slides should be used in conjunction with the book - Privacy Engineering: a Data Flow and Ontological Approach - supporting this.

NB: I notice there are some formatting errors in the slides - this seems to come from SlideShare's conversion algorithm as the original PDF appears to be fine. 

The full session also included talks by Jonathan Fox (Intel/MacAfee) and Antti Vähä-Sipiliä (F-Secure)

Thursday, 24 September 2015

Pluto in colour

Just released colour image of Pluto...and you thought last week's image was incredible...

Friday, 21 August 2015


I'm pretty sure this is just hot water...

"Ceci n'est pas te."

Maybe we need a better semantics for what tea (and coffee) actually are... and not this kind of "treachery"!

Maybe it is homeopathic tea?

Tuesday, 18 August 2015

On Being Privacy Risk Adverse

Being risk adverse in [IT] system development isn't always a bad idea - consider mainframe technologies which are constructed to avoid any kind of failure bringing the whole system down, or not using the latest, greatest JavaScript library for your mission-critical web development...

Risk management in privacy has come to the fore of late, especially the with publication of the NIST standard of risk management. So today's conversation about being risk adverse and how one assess risk in privacy was extremely interesting.

Consider this:

Collecting personal data (or PII) is a risky activity and therefore must be minimised as much as possible.

The definition of personal data is very weak, but it is always best to consider almost everything personal data in case it is cross-referenced with other data (which would make it personal data)


Don't collect anything. Ever.

While extreme, it shows how a misplaced understanding is many aspects, including what is risk and the nature of information (personal data) can lead to extreme situations and conclusions.

While NIST is absolutely correct in its assessment that we need proper risk management procedures, how these relate to requirements, information type and all of the other privacy ontological structure is as yet very, very weak.

In fact, terms such as personal data and PII do not come even close to being in any form usable for risk management - for this we need to go much deeper into the nature of information. For example, instead of "personal data" we could use classifications on information type and a mapping from different kinds of data (of these types) to risk metrics (note the plural). An overall risk value can then be more accurately calculated - or at least be calculated on the basic of what information we actually have.

You can read more about this approach to privacy engineering in the book: Privacy Engineering - a dataflow and ontological approach.

Monday, 17 August 2015

Google Blogger and EU Cookie Laws

This is very kind of Google...providing you with an automatically generated privacy notice to European customers as detailed on the Blogger settings page:

This to me highlights a few problems with privacy laws and compliance:
  • Firstly, you have to understand EU privacy laws
  • You have to understand how to write such a notice
  • You have to understand what systems such as Google Analytics etc actually collect and process.
  • You might have to provide an opt-out mechanism such as Google's Analytics Opt-Out.
For 99.999% of bloggers (+/- a few %age points), I strongly doubt that any of this is understood or even known about at all.

So while Google might come in for some criticism for its dominance in the information gathering domain, they at least try to make things easier for their customers.

Then there's the EU Cookie Consent Kit which guides you through at least one part of the consent notice maze.

As an exercise, write a simple work out what privacy notice you should display. Just to make it interesting, you are not allowed to have any contact with a privacy lawyer nor anyone who has a detailed knowledge about such things.

This quote by Einstein (often misattributed to Feynmann) sums up privacy laws and the average person writing a blog:

You do not really understand something unless you can explain it to your grandmother

Our privacy laws have become so complicated and often so misaligned with technology that they can not be easily understood by the average Internet user.

Saturday, 15 August 2015

Internet Marketing (Humour)

People often ask privacy professionals how they lock down their PCs to prevent loss of their data, tracking etc, or whether they use Facebook, Twitter etc...well the truth is, privacy professionals tend to be quite selective on what they post, and in some cases, leave one or two browsers or PCs deliberately open for various reasons. One is to game advertisers, or maybe to examine what advertisers and marketers are actually doing.

One thing I have noticed is that certain retailers, for example Gigantti of Finland comes to mind, obviously pass my purchase details on to some marketer/advertiser. I don't ever remember being asked to opt-out of this, but, I do now get adverts for the things I've just bought. They could redirect their advertising budget and remove a few middle managers and save a pile of cash instead...

Then there's things like this:

I must admit I love these; I never click on them, but without such crap as this, the Internet would be a lot less let's start.

Top left...doctors are annoyed at a 53 yo mother because she's found a miracle cure to wrinkles. I'm actually more surprised that it isn't cosmetic companies who are annoyed - surely they're the ones who'll be put out of business. I think doctors (even cosmetic surgeons!) have much more important things to worry about. Then you have to ask, "Who is this woman?"  Surely if she's upset so many doctors and discovered a miracle cure for wrinkles why isn't she on magazines, TV or even Oprah?!

Top women don't want other diets, just a pill that is exceptionally powerful. I guess this is some kind of diet pill and again I'm sure dieting companies would be more than interested in this, but...On the other hand I'm not sure that most women want to go from being normal and healthy to a misproportioned anorexic.

Top right...same again, except a selfie-obsessed, European looking blonde (so it isn't just asian women who know about this) receives a malformed, badly photoshopped lower body by using some secret Asian fat burning trick...

Bottom left...SIPOO?!?! If there are millionaires in Sipoo with that kind of yacht then they're probably getting its wreckage salvaged from the islands in the archipelago after they've run aground. Monaco would have been better idea with that size of yacht and the climate better for all those trees and the swimming pool. Nice use of IP geo-location to personalise that advert to me; almost had me fooled for a moment.

Bottom middle...I have those vegetables in my fridge: broccoli and coriander...sorry, kale and cilantro. Another interesting medical claim and I'm left wondering how those vegetables target those specific areas of your body and how this hasn't been discovered before given that we humans do eat quite a variety of vegetables. I wonder what would happen if you would dilute these vegetables in a big vat of water, shake it, dilute it again, shake it and so on until only a trace of the memory of the vegetables is left?

Bottom right...this is easy for a privacy professional, the EU have already come to your rescue with the Right to be Forgotten. Though I guess if getting out of your Ferrari while posting for the waiting paparazzi is your thing, then the right to be forgotten is probably way down on your list of things to worry about. Unless of course there's that picture in Hello magazine of your looking frumpy and which cases I can recommend a miracle pill and two vegetables to help, and if there's any left over skin after the diet, there's a 53yo mother you can talk to; assuming you can get past the rioting throngs of doctors baying for her blood...

Marketing and advertising with a touch of personalisation, the Internet wouldn't be the same without it :-)

Thursday, 13 August 2015

A Privacy Mind Map

I found this in my archives, basically a mind map of thoughts I had on privacy as viewed in different contexts at that time. I won't write more for the moment, but I'll place the mind map here as it might be interesting, or even spark a discussion to two...

A Privacy Mind-Map

Tuesday, 21 July 2015

Privacy Engineering Tutorial at TrustCom 2015

Privacy Engineering Tutorial
Held in Conjunction with TrustCom 2015 Helsinki, Finland

Friday 21, August 2015

10h05-11h50 – Session I

The Privacy Engineer’s Manifesto
Jonathan Fox, Michelle Dennedy, Intel/McAfee

“The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging "personal" information economy”

In this session you will learn the guiding principles of privacy engineering; how legal, management, business and process interact, and gain the foundational knowledge for implementation of a privacy engineering programme.

13h10-14h55 – Session II

Invited Talk: Software Engineering Aspects of Privacy
Antti Vähä-Sipiliä, F-Secure

Software security initiatives are becoming more common. We'll cover how privacy engineering can be supported by real-life security practices, and how a modern software development organisation can integrate privacy engineering in both requirements and delivery activities

In this session you will obtain a deep insight into how privacy engineering practices have been applied in a real-world scenario.

15h15-17h00 – Session III

Privacy Engineering
Ian Oliver, Nokia

To construct information systems from small mobile 'apps' to huge, heterogeneous, cloudified systems requires merging together skills from software engineering, legal, security and many other disciplines - including some outside of these fields! Only through properly modelling the system under development can we fully appreciate the complexity of where personal data and information flows; and more importantly, effectively communicate this.

In this session aspects of modeling systems and terminology/ontologies for privacy are presented. This will enable you to better understand, communication and reason about the privacy (and security) aspects of your systems. This session also presents how models of a system, requirements and risk analysis fit together. The session concludes with an overview of analysis techniques such as FMEA, RCA and process integration and auditing will also be presented.

Supporting Material

The tutorials draw upon the material presented in the following books:
  • Ian Oliver (2014). Privacy Engineering: A Dataflow and Ontological Approach. CreateSpace Independent Publishing. 978-1497569713,
  • Michelle Dennedy, Jonathan Fox, Thomas Finneran (2014). The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value. APress. 978-1430263555

Warning: Coffee Might Kill You

So, I found out recently that coffee might kill you. Seriously, it is a dangerous substance - almost as dangerous as a 110ml bottle of water is to your safety on an aircraft (but a 1 litre bottle of something alcoholic bought at duty free isn't) - and here's the proof (seen in a Starbucks in San Jose, CA):

Proposition 65 Warning Notice: "Coffee Might Kill You"

I'm not actually sure whether that has stopped anyone from buying coffee (or tea for that matter), ever. I suppose you could switch to that decaf muck, but you're probably going to die of something equally horrible then too.

I guess some lawyers and/or politicians need to cover their asses...

Monday, 20 July 2015

International Workshop on 5G Security - Programme

The 1st IEEE International Workshop on 5G Security held in conjunction with IEEE TrustCom-15

There is a fast on-going change in the technical architectures and topologies of the Internet: in the near future 5G and next generation 4G/LTE network architectures will be based on or migrated to Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network operation, traffic management and introducing new and novel security challenges. Aspects such as security of orchestration, management functionality as well as surveillance and privacy are brought to the fore. At the same time they introduce new ways of dealing with attack prevention, management and recovery.

The one-day workshop will consist of papers, presentations and demonstrations on the subject of advanced network security. While primarily related to 5G networks, experiences from 4G/LTE, 3G and earlier, including case studies on practicalities of known attacks and novel attack vectors will be considered for acceptance. An invited keynote speech will be given setting out the overall area of security in network development and operations.

IW5GS Programme
TrustCom 2015 Helsinki, Finland
Friday 21, August 2015

10h05-11h50 – Session I
  • Ian Oliver, Silke Holtmanns, Workshop Opening
  • Günther Horn and Peter Schneider, Towards 5G Security
  • Siddharth Prakash Rao, Silke Holtmanns, Ian Oliver and Tuomas Aura. Unblocking stolen mobile devices using SS7-MAP vulnerabilities
  • Vikramajeet Khatri and Joerg Abendroth, Mobile Guard Demo - Network Based Malware Detection
13h10-14h55 – Session II
  • Ian Oliver, Aspects of 5G Security
  • Nicolae Paladi and Christian Gehrmann. Towards Secure SDN-based Multi-tenant Virtualized Networks
  • Elena Dubrova, Mats Näslund and Göran Selander. CRC-Based Message Authentication for 5G Mobile Technology
  • Prajwol Kumar Nakarmi, Oscar Ohlsson and Michael Liljenstam. An Air Interface Signaling Protection Function for Mobile Networks: GSM Experiments and Beyond
15h15-17h00 – Session III
  • Bengt Shalin, keynote talk
  • Mingjun Wang and Zheng Yan. Security in D2D Communications: A Review
  • Karl Norrman, Mats Näslund, Bengt Sahlin and Jari Arkko. A USIM compatible 5G AKA protocol with perfect forward secrecy
  • Silke Holtmanns,Ian Oliver, Workshop Closing

Friday, 17 July 2015

Privacy Engineering Book, 1 Year since publication

On the 18th of July, 2014 I published my first book: Privacy Engineering, a dataflow and ontological approach.

So, happy birthday to my book and the story of its writing can be found on this blog (here!). :-)

Since then I've been privileged to have invited talks at the IAPP's DP Intensive, IWPE 2015, various university lectures, an EIT SIG on Privacy, a semi-regular column on the IAPP's Privacy Tech blog and many other unexpected places - all to talk about the ideas in this book. Next up is a tutorial session at TrustCom 2015 in Helsinki in August with the authors of my "rival" book, The Privacy Engineer's Manifesto: Michelle Dennedy and Jonathan Fox of McAfee/Intel.

And it does feel good to call oneself "an author" one an air of gravitas...maybe I should start drinking absinthe and discuss philosophy while smoking a pipe?

So what's next? Well, a second book concentrating more on the modelling analysis should appear later this year - tentatively in December. Here's a preview of the cover:

Privacy Engineering is available on Amazon UKAmazon US (as well as where ever else Amazon has sites), Barnes and Noble, CDON (Finland) and CreateSpace itself

* * *

Privacy Engineering: A Data Flow and Ontological Approach by Ian Oliver, 18 July 2014 (CreateSpace Independent Publishing). ISBN-13: 978-1497569713 ISBN-10: 1497569710 264 Pages, B/W on White Paper

Tuesday, 14 July 2015


Finally :-)  Not a lot to say about this one except this fantastic picture from NASA:

Pluto (C)2015 NASA

How not to collect data

Would you give your personal details to someone without knowing what they're going to be used for? How about if I said, "give me your name, email address and post code" and I'll make you a member of our exclusive most-favoured customer club? But, I'm not going to tell you what the terms and conditions are, how I'll use the data or even who I am except by vague implication in the latter case?

How about if I wrote the above on a piece of paper and left it on an official looking stand in a shop...yes?

Seen in a shop in Finland:

The text says:

Join now as a favoured customer and you'll hear always as the first about our fantastic offers and wonderful happenings. 
If you want to join as our favoured customer just fill this form with the needed information and hand it to the staff and we will take care of the rest. 

I tried asking the store staff but they say it is a different company's problem and they have no idea of how the forms will be used. So far I've had no luck in contacting the company to which the forms probably belong...

Wednesday, 8 July 2015


Edward Tufte is well known for his work on textual and graphic presentations. His books, starting with The Visual Display of Quantitative Information are written with a very specific style, particularly in the way the pages are organised. Tufte uses wide margins which enforce the writing of side nodes.
For users of LaTeX there is a very good package called tufte-latex for emulating this style. I used this for the writing of the Privacy Engineering book [1], as an example page below shows:
Extract from book: Privacy Engineering -
showing the Tufte style of page layout

There is a Google group for the discussion of the tufte-latex package, but I'll reproduce here my experiences of using this package so maybe a wider audience gets to know about this and how they might too use this excellent LaTeX package.

Originally written 20 July 2014, tufte-latex Google Group

Just a few experiences on self-publishing and the Tufte-LaTeX style - I noticed a few questions and after going through this process successfully (yay!) I'll offer some thoughts here.

Firstly, I looked at a number of self-publishers, Lulu, CreateSpace etc. Of these CreateSpace gives the best options from book styles (colour, B/W, sizes), ISBN options, marketing etc. YMMV of course.

In the end I chose a 7x9 inch format for an academic text book, B/W printing on white paper. CreateSpace assigned the ISBN and deal with the purchasing and printing, plus the sales channels which are fairly extensive. The main problem is that you don't get an editor nor deadlines :-)   So spelling checking is going to be your responsibility. You also don't get an advance from the publisher either, so no Ferrari while you complete your masterpiece....

My set up is as follows:
  • Sublime and vi editors
  • Bibtex
  • Pdflatex
  • Microsoft Visio Professional
running on Windows, MacOSX, Linux as necessary. Whether you like Visio or not, it is the best diagramming tool. You might also need Gimp for cropping pictures.

Actually, running LaTeX with the Tufte style is no more difficult than anything else in LaTeX but there are a few considerations:

  1. Tufte gives ample room for side notes - great for references and additional comments, marginalia etc

  2. You can no longer say things like "as demonstrated in [34]" because the reference number appears as a superscript. This changes the style of sentence in that you must explain what you're talking about instead of relying on the reader referring to the reference.

  3. Diagrams:  be very careful with figure* and figure.  Most of the time  figure  is fine and try to keep the diagram within the margins of the main body of text. Sometimes it is necessary to use the full width, but sparingly IMHO

  4. Tables: I used the full width unless the table was particularly simple.  So  table*  for most.

  5. Labels: Didn't use as \ref{label name} doesn't give the section number. I suppose you could reference back to page, but (see #2) you can change your style of writing to make everything stand-alone. Actually I did refer back to figures and tables as necessary.

  6. Margins... I actually hacked tufts-common.def (see below)

  7. Tables again: see below for the Latex formatting not to use vertical lines - works well.

  8. Diagrams again: 300dpi minimum. I actually used 600dpi PNG files for inclusion in the text. If you export from PowerPoint this is going to be a big problem, but there are instructions to force PPT to export at 300dpi by adding things to the registry (fun!)

  9. Justified text for the body and sans serif sidenotes looks great!

I should have used \geometry but this was my method. I added between the A4paper and B5paper sections to tufte-common.def:

%%%%%%%%%%%%%%%%% IAN 7.44 by 9.69 inches

Then later in the file (Search for a4paper and put it after there):

%%%%%%%%%%%%%%%%%%%%IANPAPER DEFINITION
%%%% 7.44in x 9.69in  == 18.898cm x 24.613 cm
%Another modification for 300 page manuscript on CreateSpace

You'll need to play with the margins to get CreateSpace's previewer to stop reporting errors regarding the sizes and gutter etc. But you HAVE to do this anyway to get the book published regardless of whether you using Word, LaTeX etc. Now you can use the above as a document style, ie:


When working with margins the showframe package is very, very helpful:



 You need to work with the p{size} options quite a bit to get these perfect...lots of LaTeX recompiling sorry. For example, the following extract gives an idea:

    \begin{tabular}{  p{2.2cm}  p{2.2cm}  p{4.2cm}  p{1.5cm}  p{2.9cm} }
 & \textbf{Adult} &  \textbf{Child} &  \textbf{System} &  \textbf{External} \\ \hline\hline
Collection & Allowed, with consent & As per COPPA, but generally not allowed & Allowed & As per agreements \\ \hline
   \caption[][0.5cm]{Example Policy Level Provenance Classification Requirements}

I found that a double line after the title and single horizontal lines elsewhere looks good IMHO

Citations, Sidenotes, Captions and Marginalia:

This is going to be the biggest headache!!!

Don't fiddle with the layout of these until you've reached your final, final draft. I noticed that various PDF views won't show text outside the margins so things seem to disappear only to reappear in CreateSpace's previewer which tells you about these things. Once the text is finalised then work with moving these elements up and down to make the fit within the vertical margins of the page. Much trial and error. Note that captions take 3 parameters, sidenotes just 2 ... this caught me a few times!

Also, sometimes text in \url{} or unsplittable text exceeds the horizontal margins...YMMV and you'll have to find a work around. Again for these aspects the showframe package is very helpful.

TOC, Indexes:

ToC depth should be 1 otherwise the ToC becomes too long, even though I used subsections, these don't appear in the ToC. The list of tables and figures doesn't follow the ToC style, but given the length of the latter in my case I'm pretty happy about this! This could be moved to the back matter if you want, depending upon what you're writing of course.

makeindex for some reason did not work - I could not get indexes to work at all... :-(   No idea why but in the end writing was more important than typesetting and indexes at that stage.

Font size:

I used \small with all the tables but didn't see a huge difference in font size. \tiny works, but that way too small. Otherwise things like \Huge etc work fine. Don't forget \normalsize after you've changed the font size temporarily :-)

So, overall Tufte-LaTeX is fairly easy to use with CreateSpace...thanks to all who gave help and worked on this style: it really does look fantastic in print! If you want to see the book you can go here:   and navigate to Amazon - I think there might be a preview available. However the conversion to Kindle is always a little problematical from what I've heard but then again not a lot you can do about that. Kindle doesn't like tables and sometimes the sidenotes get mixed in the text.

My preamble looks something like this:

Note I have two documentclass lines so I can swap between A4 for printing on rather obstinate HP laser printer and the 7x9 for the real version. Showframe is commented out here. A few other things I found on these groups such as the paragraph indentations etc. I changed the parskip here.
TOC depth I set to 1 otherwise the ToC becomes too long.





%package to get copyright symbol

% Paragraph indentation and separation for normal text

% Paragraph indentation and separation for marginal text





\title{Privacy Engineering} % Title of the book
\author[I. Oliver]{Ian Oliver} % Author



\tableofcontents \thispagestyle{empty}
\listoffigures \thispagestyle{empty}
\listoftables \thispagestyle{empty}


%lots of skipped chapters!!


* * *


[1] Ian Oliver. Privacy Engineering: a data flow and ontological approach. CreateSpace Independent Publishing.