06 Privacy Tools

Question 1

Why is it helpful to look for privacy threats in addition to security threat?

Answer 1

Privacy is no less important that security. People usually act to protect their privacy given an understanding of the threats and how they can address them.

Question 2

What is a harm?

Answer 2

A harm is a threat with its impact.

Question 3

Why threat modeling for privacy issues is important?

Answer 3

Much like security threats violate a required security property, privacy threats are where a required privacy property is violated.

Question 4

Why defining privacy requirements is a delicate balance?

Answer 4

First, the organization offering a service may want or even need a lot of information that the people using the service don’t want to provide.

Second, people have very different perception of what privacy is, and what data is private, and those perceptions change with time.

Lastly, most people are “privacy pragmatists” and will make value tradeoffs for personal information.

Question 5

What are the different tools to threat model privacy?

Answer 5

1. Solove’s taxonomy of privacy harms
2. IETF’s “Privacy Considerations for Internet Protocols”
3. Privacy Impact Assessments (PIAs)
4. Nymity Slider
5. Contextual Integrity
6. LINDDUN approach

Question 6

What does LINDDUN stand for?

Answer 6

Linkability
Identifiability
Non-Repudiation
Detectability
Disclosure of information
Content Unawareness
Policy and consent Noncompliance