[Introduction]Privacy and security are one of the eternal themes in the computer field. The large model itself is an advanced productivity that can, to a large extent, promote technological progress and expand the scope of applications. However, at the same time, the application of large models may also bring privacy and security challenges. For example, the combination of federated learning and large models currently faces many challenges, including security threats and defenses, privacy threats and enhancements, efficiency issues, and processing of non-independent and identically distributed (Non-IID) data. These issues may pose potential threats to user privacy.
The important point is how to use large models to "fight" your own risks. For example, we can use large models to evaluate the generated content, or optimize the data stratification of large models through methods such as randomness and anonymization in privacy computing, thereby improving the performance of privacy computing itself.
Let’s go back to privacy itself. Data can only generate value if it is exchanged. However, private data wants to be protected and does not want to be used for exchange, so the so-called “privacy” paradox arises.
1. About the privacy paradox
Privacy Paradox is a widespread phenomenon in modern society, which reveals people's ambivalence when facing privacy issues. Specifically, the privacy paradox refers to the divergence between privacy attitudes and behaviors, that is, users are generally worried that their private information will be leaked, but at the same time they are willing to disclose their privacy.
The emergence of this phenomenon reflects people’s complex views and behavioral patterns on privacy in modern society. On the one hand, with the development of information technology, people's lives are increasingly dependent on the Internet and digital devices, which makes the collection, storage and use of personal information easier. Therefore, people's concerns about their private information being misused or leaked have also increased. They worry that their personal information may be used for illegal purposes, such as fraud, harassment, or even identity theft.
On the other hand, although people are highly concerned and worried about privacy protection, they often choose to ignore these risks in actual actions. They may believe that disclosure of personal information is acceptable as long as they can obtain better services or products. In addition, some people may also lack sufficient knowledge and skills to protect their privacy, or they believe that privacy protection requires extra effort and cost, so they choose to "give up" this part of their rights.
Research on the privacy paradox was originally published in Medicine . As early as 1998, analysts conducted an experiment that required patients' permission to use or publish patient clinical materials. However, patients did not want "private" information to be made public, so they received strong resistance from patients. Interestingly, when the researchers gave an authoritative explanation, the patients' attitudes changed. Researchers believe that reasonable explanations or trust can cause individuals to behave in ways that appear less reasonable, such as exposing privacy.
Subsequently, the research gradually extended to the field of consumer behavior. Researchers who interviewed consumers who used coupons found that although consumers expressed strong concerns about their private information being collected, they still exchanged personal information in order to be able to use coupons. Nowadays, the same is true for a certain letter and a certain treasure. People are more concerned about current benefits than future risks. Therefore, people will not adopt strict privacy protection because of uncertainty about future benefits.
The current privacy paradox research system is as follows:
At that time, Baidu CEO Robin Li once said: "Chinese people do not pay attention to privacy. If they can, they are more willing to trade privacy for convenience." This sentence triggered scholars' thinking about citizens' privacy awareness in the digital age. This is because they will comprehensively consider the risks and expected benefits of privacy disclosure when making privacy disclosures. When the expected benefits outweigh the risks, they are more likely to choose to disclose privacy. This explains the privacy paradox phenomenon to a certain extent.
The privacy computing model is the most commonly used model in current privacy research. The individual privacy calculation process explains the contradictory behavior that occurs between privacy concerns and privacy behaviors, that is, users make privacy disclosure decisions after consciously weighing the expected losses and potential gains of privacy disclosure. Privacy protection also needs to be implemented systematically from the engineering aspect, so privacy design and privacy engineering emerged.
2. Privacy by design
The privacy design concept proposes to expand the application of privacy computing technology into a complete privacy design framework and proactively embed privacy protection into information technology, network infrastructure, and business practices.
The principles of privacy by design are as follows:
The privacy design concept and its principles are gradually recognized by regulatory agencies and international organizations in various countries, and have become an important theoretical basis for promoting the development of privacy protection. For example, the European Union’s General Data Protection Regulation (“GDPR”), which came into effect in 2018, incorporates the privacy design concept into Article 20 “Data Protection by Design and by Default”.
The emergence and development of privacy design marks the rise of a new privacy protection paradigm, providing new ideas for more complete privacy protection.
3.Privacy Engineering
Privacy Engineering is formed by embodying the principles of privacy design and forming a methodology that can directly guide actual research and development and solve different privacy needs in specific fields.
Our country officially released the "Personal Information Security Engineering Guidelines" in 2022. The standard defines personal information security engineering, or "privacy engineering," as "an engineering process that integrates personal information security principles and requirements into every stage of product and service planning and construction, so that personal information security requirements are effectively implemented in products and services." Generally, privacy engineering is defined as “the engineering practice of integrating privacy concerns into system and software engineering life cycle processes.”
The mapping relationship between the goals of privacy engineering and the privacy principles designed in the Personal Protection Law is shown in the figure below:
The main contents of privacy engineering include:
Organizational personnel: From the aspects of organizational structure, job responsibilities, awareness skills, etc., we conduct human resource management, establish communication mechanisms, and improve privacy engineering skills to build an organizational foundation for the smooth implementation of privacy engineering.
Technical tools: Use technical tools to implement personal information protection requirements in the data processing activities of products/services, or use technical tools in internal management to identify and manage personal information protection risks.
Document management: The planning, execution plan, operation records, and improvement tracking of the implementation of the privacy project are all recorded in documents and managed systematically.
Knowledge management: Identify the components of the privacy engineering knowledge base, form a usable privacy engineering knowledge base, and track and analyze its usage.
System development life cycle privacy management: Embedding personal information protection requirements in the software development process of requirements, design, development, testing and deployment, refer to the content of the "Personal Information Security Engineering Guide".
Third-party cooperation management: Consider privacy protection issues and form a full-process management mechanism in terms of third-party access screening, contract signing, tracking and monitoring, risk assessment and exit.
Protection of personal rights: Develop systematic control strategies and processes for the authorization, personalization, response and processing of rights requests for users' personal information rights.
Privacy security incident management: Develop privacy security emergency plans and conduct regular drills, and establish incident monitoring, handling, reporting and notification processes.
Privacy risk management: Establish a privacy risk management system and form a standardized management mechanism and operating system for the identification, analysis, evaluation, disposal and monitoring of privacy risks.
The implementation process of privacy engineering covers the entire life cycle of the system, as follows:
4. Two examples of privacy engineering practices
As a mobile phone manufacturer and Internet application platform, OPPO has gradually established a set of privacy engineering practices based on its own business characteristics. During the system construction process, we pay attention to the security and privacy needs of consumers, business departments, three-party partners, regulatory authorities and other related parties. By investigating industry trends and consumer needs, we improve personnel's security capabilities and awareness through training and publicity, and by building product security and privacy features to enhance the security and privacy experience of products. Finally, OPPO has also established a testing and evaluation mechanism to conduct timely evaluations of the security system, identify problems, and promptly correct and improve them, thereby establishing a self-certifying compliance system.
AmberGroup's data security and privacy protection framework is based on the NIST privacy framework, which integrates the requirements of the data security capability maturity model and the information security and privacy information management system, and combines it with cloud-native DLP technical capabilities to form a privacy protection platform with Web3 and digital asset fields. Featured comprehensive framework. The framework is divided into 5 modules, including identification, governance, protection, interaction and internal control. By embedding privacy engineering into the DevSecOps product development process, the product development process can consider privacy protection as early as possible to achieve the goal of "security and privacy shift left" to prevent privacy compliance such as data abuse, data misuse, and data leakage within the organization. risk.
5. Summary
The privacy paradox is an interesting phenomenon. Through good privacy design practices, companies can win the favor of more customers, increase brand effect, and achieve revenue growth. When companies provide high-quality products and services through privacy engineering, compliance disputes will be reduced and the company's credibility will be improved. Privacy engineering integrates the need for privacy protection into the software development life cycle and organizational and technical management processes, and is an engineering practice that has the opportunity to exert greater value.
[Reference materials and related reading]
Ann Cavoukian:《Privacy by Design. The 7 Foundational Principles》
Liu Ting, Deng Shengli: "A Review of Foreign Privacy Paradox Research"
Xie Xingzheng, Cai Nianzhong, Huang Zhiming, et al.: "A preliminary study on the influencing factors of social media users' privacy paradox behavior"
Hu Kaijian: "Privacy By Design Theoretical Architecture and Technical Practice"
Big Data Technology Standards Promotion Committee: "Privacy Engineering White Paper"
Thoughts on the integration of privacy computing and blockchain
A smattering of trusted execution environments in private computing