Tag Archives: privacy

[devnexus 2026] privacy by design (pdb) in devsecops

Posted on by
Reply

Speaker: Anita Dakamarri

See the DevNexus live blog table of contents for more posts

Why developers

  • Developers are first line of defense
  • Gap between dev and security teams. Rivals a decade ago. Now same time. Rivals are attackers outside
  • Developers use untrusted images to meet deadlines
  • Business people/leadership want it fast and bypass security. Then blame developers and security people
  • No software is vulnerability free. Goal is to reduce vulnerabilities.

Famous Data Privacy Breaches

  • Equifax – in 2017 – unpatched Struts vulnerability. Got Social security numbers, birthdates, etc for 147 million people. Cost over 1.3 billion. Fired security people and executives
  • United Health – in 2024 – Ransomware attack on Citrix remote access portal without MFA. Exposed medical, insuring, billing and personal data of 192 million people. Billions in recovery costs, ransom of $22 million and lost revenue
  • BadeSaba Calendar App – in late February/early March – Iranian app hacked to include messages like “help has arrived”

Privacy By Design Principles

  • Proactive, not reactive. Preventative not remedial
  • Privacy as the default setting (ex: car automatically has a seatbelt)
  • Privacy embedded into design
  • Full functionality, postive sum, not zero sum
  • End to end security; full lifecycle protection
  • Visibility and transparency; keep it open
  • Respect for user privacy; keep it user centric

Requirements/planning

  • Identify personal data early
  • Minimize data collection
  • Definite lawful purpose and retention
  • Conduct privacy assessments PIA (privacy impact assessment) /DPIA (data protection impact assessment)
  • Translate privacy laws into requirements – ex: GDPR, CCPA (California Consumer Privacy Act)/CPRA (California Privacy Rights Act)/ HIPPA). Requirements include consent, access and deletion

Code with privacy

  • Avoid hardcoding sensitive data – Never embed secets, API keys or personal data in code/configs
  • Mask/redact personal data – especially in logs/error messages/debugging
  • Implement strong encryption – user modern, vetted crypto libraries
  • Validate data inputs – prevent injection/data poisoning attacks
  • Build deletion and portability features – ensure data can be deleted/exported programmatically

Testing

  • Test privacy requirements
  • Use anonymous or synthetic test data
  • Perform security and praivacy testing

Deploy and Release

  • Secure configurations
  • Enforce encryption everywhere
  • Apply access controls
  • Document privacy notices

Runtime and Operations

  • Runtime privacy practices – monitor access to sensitive data, alert on anomalous data queries, automatically enforce retention policies, tokenize/anonymize analytics dat
  • Incident readiness – breach detection hooks, pre defined response playbooks, forensic ready audit logs

Shift left

  • Security requirements
  • Diagrams – dataflow, network flow, authentication flow
  • Supply chain risks
  • SAST
  • SCA/BOM
  • Secure coding standards
  • Secure coding training
  • DAST
  • Autonomous testing
  • Document security issues

Key takeaways

  • Privacy must be treated like availability – must have requirement
  • privacy + security + usability at a time is possible and cost effective
  • Challenge is invisible data flows in modern architectures
  • Privacy is blurred with AI – ex: cameras on street, airport
  • Shortage of privacy + AI skilled engineers

My take

Good end to the day. I learned some acronyms like DPIA and CCPA. So nice to see a session about privacy and not just security overall. I like the checklist by lifecycle phase slides.

[kcdc 2025] ai killed your privacy tools

Posted on by
Reply

Speaker: Ben Dechrai

Bluesky: ‪@bendechr.ai‬

For more see the table of contents

General

  • Privacy risks
  • We thought robots would do physical labor for us so we could relax. Like Rosie on the Jetsons
  • Have robots to clean floors, mow lawns, farming, build cars. They are single purpose.
  • Best robots are software
  • Single purpose robots so good because software focused on that one thing
  • Child can lift an apple. Cool that a humanoid robot can, but not game changing
  • Identify location from picture based on background
  • Much faster than a human comparing images
  • AI gives statistically most likely next word
  • Humans don’t like to be wrong. LLMs modeled from human data so also don’t like to be wrong and will make stuff up. Have to include in prompt not to do that.

Creativity vs Imagination

  • Our downfall is how successful this is. Killing creativity
  • Creativity and imagination are different.
  • Creativity is making a sandwich
  • Imagination is what goes into the sandwich

Australia experiment

  • Do census every 5 years
  • Tried to map 5% of data from 2011 to 2006
  • In 2016, stored with profile for 18 months
  • Said would keep info anonymous. It was not.
  • SLK581 – statistical linkage key 581. 14 character key as unique id
  • Didn’t make it anonymous. Was algorithmic to generate this key from last name, birthdate and gender
  • Many hashing algorithms generate hash of distinct types so know which one used. Then can create rainbow table for that algorithm for census database.
  • Knowing the pattern for how the key was generated greatly reduces the number of hashes. 36K hashes if know any persons name. That lets find the seed the hashing algorithm used.
  • This isn’t even AI; its programmatic.
  • Ask LLM to find information in the data set. Ex: find people who match a profession.
  • Play with at https://slk581.bendechr.ai

Cross Platform Identity Linking

  • Match patterns across social media accounts to link “anonymous” accounts
  • Includes writing style, typos, idioms
  • Cambridge Analytica was doing this in 2016.
  • Now only costs $10/month
  • MCP server exposes data to LLM. Can enhance ability to break privacy

Chatbot with employee data

  • Acme AI solutions (not clear if real company or made up for example)
  • Ask chatbot about employees like “do employees like pets”
  • Controls include ensuring queries are for aggregates and data set has at least 6 results. Tried to protect specific employee data.
  • LLM described what data can/can’t get
  • Claude backend doesn’t limit to one query at a time. Can infer next logical step based on results.
  • https://slk581.bendechr.ai

Target

AI can

  • Predict shopping patterns
  • Identify location without GPS
  • Find API weaknesses
  • etc

eLLephaMts never forget

[cute play on elephants with LLM]

  • Repeat the word company many times
  • After doing it a lot of times, starts giving other internal info

What can I do?

  • Only store what need to store
  • Separate data where possible. Employee database shouldn’t include data used by chat blot
  • The more data you store, the faster a has can be reverse engineered.
  • Rate limiting – LLMs are faster, slow them down without human experience being degraded.
  • Encrypt data
  • Context analysis – do questions seems like they are trying to get specific data. ex: how many people earn more than 150K, how many people earn more than 200K, how many people earn between $225 and $250K. Can use LLM to protect against malicious input from users
  • Prompt engineering – give LLM constraints on how answer. ex: avoid cyclic reasoning to prevent confusing it into giving too much info

Homomorphic Encryption

  • Use AI to see how well done
  • With homomorphic encryption, can do math with encrypted values without decrypting or knowing keys
  • https://homomorphic.bendechr.ai

My take

The examples/demos were great. It was nice seeing the build up to it I appreciate the URLs of the demos being on the screen in addition

QCon 2018 – Data, GDPR & Privacy

Posted on by
Reply

Title: Data, GDPR & Privacy – Doing it right without losing it all
Speaker: Amie Durr

See the table of contents for more blog posts from the conference.

Goals: send right message to right person at right time using right channel (ex: email, text, etc)

One company handles 25% of all non-spam email traffic

Confidence

  • We don’t trust brands with personal information. 2/3  overall. Nobody in room.
  • Employees at GDPR  compliant companies also don’t believe their company is

Recent thefts

  • Ticketfly – emails and hashed passwords.   Shut down their website
  • Panera – email, name, phone, city, last 4 digits of credit card number
  • MyHeritage – email and hashed passwords
  • Myfitnesspal – name, weight, etc

Need to consider

  • What do you store?
  • For how ong do you store it?

Data and privacy regulations

  • CASL
  • CAN-SPAM
  • Privacy Shield – for data leaving Europe
  • GDPR – EU
  • Future: Germany, Australlia, South America
  • Not about specific regulations. Need to care about data an privacy. Part of   Brand. Customers will leave

Supply for data scientists far exceeds supply

Build trust without stiffling innovation

  • accountability – what do with data, who responsible, continuing to focus on data perception,  audit/clean data, make easy to see what data  have and how opt out/delete
  • privacy by design – innovate without doing harm, don’t want to get hacked, be user centric, move data to invididual so no storing, what is actually PII vs what feels like PII. Anonymize both

Remember user data. If the user types it in, could be anything in here

What they did

  • dropped log storage to 30 days. Have 30 days to comply with requests to delete data. So  handled by design for log files
  • hash email recipients
  • Remove unused tracking data
  • Communicated with customers
  • Kept anonymized PII data, support inquiries, etc
  • some customers feel 30 days is too long so looking at going beyond law

Can delete parts of data vs everything (ex:: stack overflow)

brand and pr vs actually keeping user safe [like what happened with accessibility and section 508]

My take

Good talk. I liked the level of detail and concrete examples. I would have liked a refresher of GDPR. But there was enough to tell me what to google. That helped with what didn’t know (or forgot).