Dr Val: Navigating Security and Privacy

Designing new products and services with security built in is a recurring topic in the embedded systems space. Locks, keys, trusted sources, encryption, access points and data verification have been centre stage in the debates. But as sensors and controls become more personal, privacy has moved to take the top slot.

Privacy, one of the security pillars, is addressed specifically by GDPR, which places in law the right to have a say in how one's data is used. Data captured, stored and processed as part of the legitimate interest of an organisation is allowed under GDPR, and this applies equally to data captured by embedded systems. Identifying the data itself, and the source of the data, is key to ensuring that regulations are not breached; this aspect is perhaps not hard to achieve. Harder, however, is ensuring that the correct data owner is identified. Without this it's impossible to provide rights to those owners. And perhaps, particularly where systems are not closed or bounded, the security aspects of proving and preserving data ownership will be the source of the greatest challenges.

Observation and analysis of system designs in this area show that they tend to follow one of two common scenarios. The first is where no-one seems to take or define ownership, leaving rights and responsibilities in limbo. The other is where everyone claims data ownership, generally with a view to possible monetisation. Addressing these issues is an area of work that has grown over the past few years and is undertaken under the Quantify and Bounding aspect of the Navigational Approach to technology development. The aim is to ensure not only that privacy is respected within the operation of an embedded system, but that the ability of data owners to exercise their rights is built in at a functional level.

The Navigational Approach we've designed at AND starts with Surveying and Mapping of the relevant technologies before moving through Architecting to Quantify and Bounding. Moving through these stages provides a means of addressing all aspects of security during the design phase and ensures that privacy is designed in.

Research into the art and science of technology development is continually ongoing, and I am more than happy to discuss and debate this important topic.

Please do contact me to register interest.