Engineering Privacy

Privacy and Security

Article Snapshot


Lorrie Faith Cranor and Sarah Spiekermann


IEEE Transactions on Software Engineering, Vol. 35, No. 1, pp. 67-82, January/February, 2009


This article reviews how engineers can design computer systems to protect privacy.

Policy Relevance

Engineers should design systems to ensure that users have more knowledge and control over how their data is used.

Main Points

  • So far, engineers have given little thought to designing systems that help protect privacy.
  • Privacy means controlling access to one’s personal sphere and data, and also limiting the risk that the data will be used in a harmful way.
  • Engineers can affect privacy wherever personal data lives: data under the user's own control, data held by recipients such as online retailers, and data in between. Data transfer, data storage, and data processing can all affect privacy.
    • Automatic transfers of data that happen without the knowledge of the user raise more privacy risks than transfers of data of which the user is aware.
    • Transient or temporary storage raises fewer concerns than long-term storage.
  • Many users are willing to reveal private information in social settings such as Facebook, or in commercial transactions, but concerns about privacy can still affect their behavior. Firms that do not protect privacy can suffer a backlash.
  • Systems protect privacy in one of two ways: through their engineering architecture, so that identifiable data is never collected or retained in the first place (privacy by architecture), or through privacy policies that govern how collected data is used (privacy by policy). Most businesses rely on privacy policies.
  • In designing systems, engineers make choices about network architecture and how data and users are tagged and identified that affect privacy.
    • Systems can relay information between users and servers through intermediaries, so that the server learns less about who the user is and the user becomes more anonymous.
    • Systems that store data with the user, or “client,” often protect privacy better than network-based systems, but might not work with some business models.
    • Systems can be designed to store only essential data about users.
  • If a system is not designed to keep users anonymous, engineers should design the system to help ensure that users have notice and choice about how their data is used.
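The contrast between the two design approaches above can be made concrete. The following Python example is added here and is not code from the Cranor and Spiekermann article: it keeps the full profile in client-side storage, sends the data recipient only purpose-limited data (birthdate coarsened to an age band, non-essential fields dropped), and tags the user with a keyed pseudonym derived on the client. The profile, the purpose, the field names, the recipient name and the client-held secret are all assumptions constructed for the example.

```python
"""Privacy by architecture versus privacy by policy (added example).

The full profile stays on the user's device; the recipient only ever receives a
minimized, pseudonymised record. Fields, purpose and names are assumptions.
"""
import hashlib
import hmac
from datetime import date

# Constructed sample profile, as held in client-side storage.
FULL_PROFILE = {
    "name": "Alice Example",
    "email": "alice@example.com",
    "street": "1 Main St",
    "birthdate": "1990-04-12",
    "country": "DE",
    "cart": ["sku-123", "sku-456"],
}

# Direct identifiers: any of these in a recipient's store makes the record identified.
DIRECT_IDENTIFIERS = {"name", "email", "street", "birthdate"}

# Hypothetical purpose: the recipient only needs coarse demographics and the cart.
ESSENTIAL_FIELDS = {"country", "cart"}


def pseudonym(client_secret: bytes, recipient: str, user_id: str) -> str:
    """Keyed pseudonym computed on the client.

    Stable per (user, recipient) so the recipient can recognise a returning user,
    different per recipient so two recipients cannot link their records, and not
    reversible without the client-held secret, which is never transmitted.
    """
    msg = recipient.encode() + b"\x00" + user_id.encode()
    return hmac.new(client_secret, msg, hashlib.sha256).hexdigest()[:32]


def age_band(birthdate: str, today: date) -> str:
    """Coarsen an exact birthdate into a ten-year band before it leaves the client."""
    y, m, d = (int(part) for part in birthdate.split("-"))
    age = today.year - y - ((today.month, today.day) < (m, d))
    lo = (age // 10) * 10
    return f"{lo}-{lo + 9}"


def minimize(profile: dict, essential: set) -> dict:
    """Drop every field the stated purpose does not require."""
    return {k: v for k, v in profile.items() if k in essential}


def client_message(client_secret: bytes, recipient: str, user_id: str,
                   profile: dict, today: date) -> dict:
    """Everything the recipient receives under the architecture-based design."""
    record = minimize(profile, ESSENTIAL_FIELDS)
    record["age_band"] = age_band(profile["birthdate"], today)
    record["subject"] = pseudonym(client_secret, recipient, user_id)
    return record


def identifying_fields(record: dict) -> set:
    """Direct identifiers present in a stored record."""
    return DIRECT_IDENTIFIERS & set(record)


class RecipientStore:
    """Long-term storage at the data recipient (e.g. an online retailer)."""

    def __init__(self):
        self.records = []

    def ingest(self, record: dict) -> None:
        self.records.append(dict(record))

    def exposed_identifiers(self) -> set:
        """What someone who dumps this store learns about the users in it."""
        return set().union(*(identifying_fields(r) for r in self.records))


def compare_designs(today: date = date(2024, 6, 1)) -> dict:
    """Same user, same recipient: policy-based design versus architecture-based design."""
    client_secret = b"held-only-on-the-users-device"  # assumption for the example
    by_policy = RecipientStore()
    by_architecture = RecipientStore()
    # Privacy by policy: the recipient collects the full profile and promises to handle it well.
    by_policy.ingest({"user_id": "alice@example.com", **FULL_PROFILE})
    # Privacy by architecture: the recipient never receives more than this.
    by_architecture.ingest(client_message(client_secret, "shop.example",
                                          "alice@example.com", FULL_PROFILE, today))
    return {
        "policy": by_policy.exposed_identifiers(),
        "architecture": by_architecture.exposed_identifiers(),
        "architecture_record": by_architecture.records[0],
    }


if __name__ == "__main__":
    result = compare_designs()
    print("policy design exposes:      ", sorted(result["policy"]))
    print("architecture design exposes:", sorted(result["architecture"]))
    print("record held by recipient:   ", result["architecture_record"])
```

The point of the comparison is the breach case: a dump of the policy-based store yields name, e-mail, street and birthdate, while a dump of the architecture-based store yields a country, a cart and a pseudonym that cannot be reversed without a secret that never left the user's device. The pseudonym still lets the recipient recognise a returning customer, which is the kind of business need the article notes may be incompatible with a purely client-side design; the keyed construction gives that linkability per recipient without giving recipients the ability to link their records to each other.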
