Supporting the Adoption of Privacy-Enhancing Technologies through Requirements Engineering

2023-01-24 · Source: cs.SE updates on arXiv.org · Field: Technology & Digital — Cybersecurity & Data Privacy, Software Development & Engineering, Artificial Intelligence & Machine Learning · Depth: Advanced, extended

Summary

This industrial challenge paper examines the persistent, limited adoption of Privacy-Enhancing Technologies (PETs) in software engineering, despite substantial research and industry support. Authors Oleksandr Kosenkov, Vadym Honcharenko, Abhinava Singh, Volodymyr Spirin, and Danica Vranjanin argue that Requirements Engineering (RE) can systematically address the complex, interdisciplinary challenges spanning engineering, business, and legal viewpoints. The analysis details specific hurdles, including the engineering need for enterprise-wide data visibility and architectural impact, business concerns regarding data value and process changes, and legal complexities like PETs not guaranteeing full compliance or the relative nature of anonymity. The paper proposes RE approaches for stakeholder modeling, explicit requirement capture, conflict resolution, and enhanced coordination to improve PET integration and realize benefits like enhanced software trustworthiness.

Key takeaway

For software engineering managers and product owners implementing privacy-enhancing technologies (PETs), you must integrate Requirements Engineering (RE) to align engineering, business, and legal perspectives. Explicitly model stakeholder viewpoints and their specific demands to proactively resolve conflicts and ensure PETs are embedded by design. This approach will maximize user trust and compliance, avoiding costly reworks and "privacy washing" risks.

Key insights

Requirements Engineering is crucial for overcoming multi-viewpoint challenges in Privacy-Enhancing Technologies adoption by fostering interdisciplinary coordination.

Principles

• PET adoption requires interdisciplinary coordination across engineering, business, and legal viewpoints.
• Neglecting any viewpoint's challenges increases implementation failure risk.
• Early PET integration maximizes trustworthiness and user acceptance.

Method

RE methods can systematically identify stakeholders, capture viewpoint-specific demands, resolve inter-viewpoint conflicts, and facilitate coordinated decision-making for PET adoption.

In practice

• Adopt privacy modeling techniques like privacy threat modeling.
• Establish engineering-legal communication for PETs.
• Integrate PETs into software products by design from the outset.

Topics

• Privacy-Enhancing Technologies
• Requirements Engineering
• Data Privacy Compliance
• Software Architecture
• Privacy by Design
• Stakeholder Coordination

Best for: CTO, VP of Engineering/Data, AI Architect, Software Engineer, AI Security Engineer, Legal Professional

Related on AIssential

• Building trust in the AI era with privacy-led UX — Privacy-led UX builds consumer trust and supports business growth by treating data consent as an ongoing relationship.
• Human-Centred Requirements Engineering for Critical Systems: Insights from Disaster Early Warning Applications — Human-centricity is a critical, traceable quality concern for dependable critical systems, especially for vulnerable users in disaster early warning.
• QCon London 2026: Ethical AI Is an Engineering Problem — Ethical AI is an engineering challenge requiring integration of ethical checks throughout the development lifecycle.
• Is there a notable increase in demand for privacy-preserving AI/ML with the advent of LLMs? [D] — Despite performance trade-offs, regulatory pressure and increasing data privacy risks are driving demand for privacy-preserving AI.
• Engaged AI Governance: Addressing the Last Mile Challenge Through Internal Expert Collaboration — Internal expert collaboration can bridge the gap between AI regulations and practical software development.
• Call on International AI Community and Policymakers to Ensure Privacy Rights Are Preserved and Protected — AI's societal benefits depend on robust privacy protections against extensive data collection and misuse.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.SE updates on arXiv.org.