“As part of the first generation who came of age on the internet, I enjoyed the benefits of participating in the digital life, like instant messaging my friends when I was supposed to be doing homework,” writes Jean Yang, an assistant professor of computer science at Carnegie Mellon University, in her post for The Conversation, Building privacy right into software code. Yang adds that she learned the hard way that user privacy was not always foremost on the minds of those who create applications and software platforms (e.g., cookies led to her mother realizing she had secretly been using AOL Instant Messenger).
Yang’s early experiences did not dampen her interest in computing technology; in fact, they led to a career in teaching computer science and research into programming languages. Mindful of those experiences, Yang wondered if something could be done to improve online privacy. Since programming languages are her area of expertise, she started there.
How out-of-date programming languages can lead to privacy issues
Yang discovered that many of today’s popular languages make it difficult for programmers to protect the privacy of individuals, adding, “It’s bad enough that this state of affairs means programmers have lots of opportunities to make privacy-violating errors.”
She points out that programmers are not exclusively to blame; besides programming errors, shortcomings in the programming languages themselves are equally significant. The programming languages Facebook developers use are a good example. “As older languages develop into today’s programming environments, security and privacy remain as add-ons, rather than built-in automatic functions,” writes Yang. “Though programmers try to keep instructions for different functions separate, code dedicated to enforcing privacy and security concerns gets mixed in with other code, and spread throughout the software.”
The decentralized nature of information leaks caused by out-of-date programming languages is familiar to Yang; it is part and parcel of the privacy issues she experienced years ago. Using Facebook’s platform as an example again, Yang mentions that privacy-related code is scattered throughout the programs used to run Facebook’s infrastructure, and that requires programmers to be aware of all the privacy-related components in a complex software environment. Yang adds, “To make sure nobody finds out where I am unless I want them to, the programmer must tell the system to check my privacy settings everywhere it uses my location value, directly or indirectly.”
Let computers do the work
Why not take the task of privacy protection away from humans and entrust it to computers? “We can–and should–develop programming models that allow us to incorporate security and privacy into software in a simpler fashion,” suggests Yang. That suggestion is based on language-based information flow security (PDF), a relatively new technology that automatically checks programs to ensure that sloppy programming is not inadvertently violating privacy or other data-protection rules.
However, Yang cautions that language-based information flow security models are not the end-all answer. “Even with tools that can check programs, the programmer needs to do the heavy lifting of writing programs that do not leak information,” she advises. “This still involves writing those labor-intensive and error-prone privacy checks throughout the program.”
Introducing Jeeves, a policy-agnostic programming paradigm
As part of her Ph.D. program at MIT, Yang took on improving the pitfalls found in language-based information flow security. The results? Yang and fellow team members came up with a new programming model. In her dissertation (PDF), Yang writes:
“As a solution to the problem of information leaks, I propose a policy-agnostic programming paradigm that enforces security and privacy policies by construction. I present the implementation of this paradigm in a new language, Jeeves, that automatically enforces information flow policies describing how sensitive values may flow through computations.”
In her column, Yang offers a simple explanation: “In these systems, programmers attach security and privacy restrictions directly to every data value.”
Jeeves removes the need for humans to write code that repeatedly checks which information should be shared–that is handled directly and automatically by the computer system. “That means one less thing for programmers to think about,” adds Yang. “It also helps users feel more confident that some element of a complicated piece of software–much less a human error–won’t violate their personal privacy settings.”
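To make the idea concrete, here is an added illustration in plain Python; it is not code from the article or from the Jeeves project, and it simplifies Jeeves’ faceted-value model considerably. Each sensitive value carries its real (“high”) facet, a replacement (“low”) facet for viewers who may not see it, and the policy that decides between them. Derived values inherit the policy, and the policy is consulted only at the output boundary (`reveal`), so the application code that computes “who is nearby?” or “how far apart are two users?” contains no privacy checks at all. All names (`Sensitive`, `reveal`, `combine`, the user records, the location-sharing scenario) are constructed for this example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Optional


@dataclass(frozen=True)
class Viewer:
    """Who is asking to see data (constructed for this example)."""
    name: str


Policy = Callable[[Viewer], bool]


@dataclass(frozen=True)
class Sensitive:
    """A value with two facets: the real value (`high`) and what an
    unauthorised viewer gets instead (`low`), plus the policy that decides.
    Loosely modelled on Jeeves' faceted values; deliberately simplified."""
    high: Any
    low: Any
    policy: Policy

    def map(self, f: Callable[[Any], Any]) -> "Sensitive":
        # Apply f to both facets so the derived value keeps the same policy.
        return Sensitive(f(self.high), f(self.low), self.policy)


ALLOW_ALL: Policy = lambda viewer: True


def lift(value: Any) -> Sensitive:
    """Wrap plain data so it can be combined with sensitive data."""
    return value if isinstance(value, Sensitive) else Sensitive(value, value, ALLOW_ALL)


def combine(f: Callable[..., Any], *values: Any) -> Sensitive:
    """Combine several values. The result is shown only to viewers that every
    input's policy permits (a conservative simplification: real Jeeves keeps
    one facet per combination of policy outcomes)."""
    facets = [lift(v) for v in values]
    return Sensitive(
        f(*(v.high for v in facets)),
        f(*(v.low for v in facets)),
        lambda viewer: all(v.policy(viewer) for v in facets),
    )


def reveal(value: Any, viewer: Viewer) -> Any:
    """Resolve facets at the output boundary: the only place policies run."""
    if isinstance(value, Sensitive):
        return reveal(value.high if value.policy(viewer) else value.low, viewer)
    if isinstance(value, dict):
        return {k: reveal(v, viewer) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(reveal(v, viewer) for v in value)
    return value


# --- Constructed sample data: a small location-sharing service ------------

def make_user(name: str, location: tuple, share_with: Optional[frozenset]) -> dict:
    """share_with=None means public; otherwise only the owner and listed friends."""
    def policy(viewer: Viewer) -> bool:
        return share_with is None or viewer.name == name or viewer.name in share_with
    # The privacy restriction is attached to the value itself, once.
    return {"name": name, "location": Sensitive(location, None, policy)}


USERS = [
    make_user("alice", (0.0, 0.0), frozenset({"bob"})),  # friends-only
    make_user("carol", (0.1, 0.1), None),                # public
]


def within_radius(loc, center, radius):
    """Hypothetical planar distance check; None means 'location withheld'."""
    if loc is None:
        return None
    return ((loc[0] - center[0]) ** 2 + (loc[1] - center[1]) ** 2) ** 0.5 <= radius


def nearby_users(users, center, radius, viewer_name):
    """Indirect use of the location. No privacy check is written here."""
    viewer = Viewer(viewer_name)
    flags = [u["location"].map(lambda loc: within_radius(loc, center, radius)) for u in users]
    return [u["name"] for u, flag in zip(users, flags) if reveal(flag, viewer)]


def distance_between(a: dict, b: dict, viewer_name: str):
    """Uses two sensitive values; visible only if the viewer may see both."""
    def dist(x, y):
        if x is None or y is None:
            return None
        return round(((x[0] - y[0]) ** 2 + (x[1] - y[1]) ** 2) ** 0.5, 3)
    return reveal(combine(dist, a["location"], b["location"]), Viewer(viewer_name))


def view_profile(user: dict, viewer_name: str) -> dict:
    return reveal(user, Viewer(viewer_name))


if __name__ == "__main__":
    print(view_profile(USERS[0], "bob"), view_profile(USERS[0], "eve"))
    print(nearby_users(USERS, (0.0, 0.0), 1.0, "bob"), nearby_users(USERS, (0.0, 0.0), 1.0, "eve"))
    print(distance_between(USERS[0], USERS[1], "bob"), distance_between(USERS[0], USERS[1], "eve"))
```

The point of the contrast is in `nearby_users` and `distance_between`: in the scattered-check style the article criticises, each of those functions would need its own “is this viewer allowed to see alice’s location?” branch, and forgetting one is a leak. Here the policy travels with the value, so a viewer who is not on alice’s friends list sees `None` for her location, is not told she is nearby, and cannot learn her position indirectly through a distance to a public user.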
With software programs now involved in nearly every facet of our lives, the potential for problems has increased significantly. Yang offers this conclusion: “If our computers can protect our privacy, that would be a huge improvement to our rapidly changing world.”