Decision support in privacy and security – The PRISMS DSS
David Barnard-Wills
Trilateral Research & Consulting
[email protected]
@DBarnardWills

PRISMS – Privacy and security mirrors
• FP7-SEC-2011-1
• 2012-2015
• Fraunhofer ISI, Trilateral, VUB, TNO, Uni. Edinburgh, Eötvös Károly Policy Institute, ZUYD & IPSOS MORI
• Challenge the metaphor/model of the “trade-off” between privacy and security.
• Includes a Decision support system to allow security decision makers to implement security measures which minimise the impact on privacy

The particular problem of DECISION SUPPORT SYSTEMS IN PRIVACY AND SECURITY

Decision Support Systems?
• Tools to guide decision makers in complex decisions.
• Support difficult (less structured) decisions
• Correct/counter systematic errors, biases, and deficiencies in decision making.
• Combine models with data capture
• Align decisions with process/policy/legal requirements
• Document a decision process
• Can take multiple forms

Security and privacy decisions
• The security investment decision in response to a security problem
– These decisions are made
– And there is some limit or problem with the way they are made
• Institutional or cultural privileging of security over privacy
• Responsibility for security (not for privacy)
• Focus on (new, shiny, surveillant) technologies / solutionism
• Push from security vendors (“look at this cool toy!”)
• Path dependency (“this is how we did it before”)
• Lack of evaluation (“of course CCTV prevents crime”)
• Discounting externalities (“benefits us, costs elsewhere”)
• Lack of transparency (“security through obscurity”).

Security and privacy decisions
• How to move from:
– “How to maximise security?”
• To:
– “how to implement appropriate security measures and respond to a threat, whilst minimising the impact on privacy of individuals and groups?”
• (without ending up with:
– “how can this security measure be legitimated?”)

Problems and criticism
• “Problem solving theory”
– Accepting of status-quo security politics, institutions, securitisation, privileging of security etc.
• Manipulatable / gameable
• Don’t/won’t/can’t solve important privacy problems

Designing and building THE PRISMS DSS

PRISMS DSS approach
• Hybrid of a Privacy Impact Assessment and a participatory technology assessment exercise
– (in a framework built around the theoretical assumptions and empirical findings from the PRISMS research).
• Not automated
– Doesn’t contain all the data needed to spit out answers – prompts data collection

[Flowchart: PRISMS DSS process]
START: Request for security measures against Threat
• Preparatory phase
– Evidence basis
– Threat analysis
– Identification security measures
– Effectiveness of security measures
– Alternatives to proposed measures
• Key Stakeholders / Security Investor / Public Authorities / Public at large
• Assessment phase
– Evidence basis
– Legitimacy of the purpose
– Privacy dimensions
– Impacts and Experiences
– Compliance assessment
– Consultation with Stakeholders
• Mitigation phase
– Evidence basis
– Mitigation possible
– Mitigation of red flags
– Filter
– Mitigation by reconfiguration
– Mitigation to better meet citizens concerns
– No mitigation possible
– Consultation with Stakeholders
• Reporting phase
– Pros and cons
– The wider societal context
– Constraints and limits
END: Management summary

Methods
• Procedurally equal footing for privacy with security
• Challenge the problem definition (and enrich it with external perspectives)
• Reflexive questioning
• Inclusion of genuine alternatives
• Mitigate as many sources of privacy harms as possible
• Social impacts and surveillance harms, not just individual privacy

DSS as research intervention: open questions…
• Transparency?
• Procedural justice vs outcomes?
• Necessary design activity & skills?

Thank you.
David Barnard-Wills
Trilateral Research & Consulting
[email protected]
@dbarnardwills