Privacy: What Developers and IT Professionals Should Know [ILLUSTRATED] (Paperback)

by J.C. Cannon (Author)

Editorial Reviews

Product Description
When you are on a Web site you don't know well, and you are asked tocomplete an online form, if you are like most people you immediately weigh inyour mind issues of how private the information you provide will be kept.Studies have shown that 64% of consumers have left a Web site because ofconcerns about privacy, and that online retailers lose $6.2 billion a year in salesbecause of privacy issues. Lack of privacy conditions in building an applicationor a web site is a liability; conversely, a web site where the consumer feels thattheir privacy will be guarded is a competitive advantage. In our securityconsciousworld privacy is a topic of concern right up there with identity theftand spam. Yet until now there has not been one source of information fordevelopers on how to develop applications and web sites that will take intoconsideration privacy concerns. JC Cannon draws upon the experience he haslearned from his role in the corporate privacy group at Microsoft to givedevelopers a complete guide to including privacy in their development process.It covers topics such as spam, digital rights management, the Platform forPrivacy Preferences (P3P) project, and protecting database data.

From the Back Cover

Praise for J.C. Cannon's Privacy

"A wonderful exploration of the multifaceted work being done to protect the privacy of users, clients, companies, customers, and everyone in between."

—Peter Wayner, author of Translucent Databases

"Cannon provides an invaluable map to guide developers through the dark forest created by the collision of cutting-edge software development and personal privacy."

—Eric Fredericksen, Sr. Software Engineer, PhD., Foundstone, Inc.

"Cannon's book is the most comprehensive work today on privacy for managers and developers. I cannot name any technical areas not covered. No practitioners should miss it."

—Ray Lai, Principal Engineer, Sun Microsystems, Inc., co-author of Core Security Patterns and author of J2EE Platform Web Services

"Every developer should care deeply about privacy and this is the best book I've read on the subject. Get it, read it, and live it."

—Keith Ballinger, Program Manager, Advanced Web Services, Microsoft

"J.C. Cannon's book demonstrates that information and communication technology can contribute in a significant way to restoring individual privacy and raises more awareness of the complexity and importance of this societal problem."

—Dr. John J. Borking, Former Commissioner and Vice-President of the Dutch Data Protection Authority

"If you are planning, implementing, coding, or managing a Privacy campaign in your company or your personal computing, there is no more relevant reference. J.C. Cannon nails the issues."

—Rick Kingslan, CISSP, Microsoft MVP-Windows Server: Directory Services and Right Management, West Corporation

"It's often been said that security is a process, not a product. Privacy is no different! Unlike other privacy books, J.C. Cannon's book has something valuable to convey to everyone involved in the privacy process, from executives to designers and developers, many of whom aren't thinking about privacy but should be."

—Keith Brown, Co-founder of Pluralsight and author of The .NET Developer's Guide to Windows Security and Programming Windows Security

"J.C. Cannon's new book on electronic privacy is an important addition to the available works in this emerging field of study and practice. Through many humorous (and occasionally frightening) examples of privacy gone wrong, J.C. helps you better understand how to protect your privacy and how to build privacy awareness into your organization and its development process. Keenly illustrating both the pros and cons of various privacy-enhancing and potentially privacy-invading technologies, J.C.'s analysis is thorough and well-balanced. J.C. also explains many of the legal implications of electronic privacy policies and technologies, providing an invaluable domestic and international view."

—Steve Riley, Product Manager, Security Business and Technology Unit, Windows Division, Microsoft

"Privacy concerns are pervasive in today's high-tech existence. The issues covered by this book should be among the foremost concerns of developers and technology management alike."

—Len Sassaman, Security Architect, Anonymizer, Inc.

You're responsible for your customers' private information. If you betray their trust, it can destroy your business. Privacy policies are no longer enough. You must make sure your systems truly protect privacy—and it isn't easy. That's where this book comes in.

J.C. Cannon, Microsoft's top privacy technology strategist, covers every facet of protecting customer privacy, both technical and organizational. You'll learn how to systematically build privacy safeguards into any application, Web site, or enterprise system, in any environment, on any platform. You'll discover the best practices for building business infrastructure and processes that protect customer privacy. You'll even learn how to help your customers work with you in protecting their own privacy. Coverage includes

• How privacy and security relate—and why security isn't enough
• Understanding your legal obligations to protect privacy
• Contemporary privacy policies, privacy-invasive technologies, and privacy-enhancing solutions
• Auditing existing systems to identify privacy problem areas
• Protecting your organization against privacy intrusions
• Integrating privacy throughout the development process
• Developing privacy-aware applications: a complete sample application
• Building a team to promote customer privacy: staffing, training, evangelization, and quick-response
• Protecting data and databases via role-based access control
• Using Digital Rights Management to restrict customer information
• Privacy from the customer's standpoint: spam avoidance, P3P, and other tools and resources

Whether you're a manager, IT professional, developer, or security specialist, this book delivers all the information you need to protect your customers—and your organization.

The accompanying CD-ROM provides sample privacy-enabling source code and additional privacy resources for developers and managers.

J. C. CANNON, privacy strategist at Microsoft's Corporate Privacy Group, specializes in implementing application technologies that maximize consumer control over privacy and enable developers to create privacy-aware applications. He works closely with Microsoft product groups and external developers to help them build privacy into applications. He also contributed the chapter on privacy to Michael Howard's Writing Secure Code (Microsoft Press 2003). Cannon has spent nearly twenty-five years in software development.

© Copyright Pearson Education. All rights reserved.

See all Editorial Reviews

Product Details

• Paperback: 384 pages
• Publisher: Addison-Wesley Professional (October 1, 2004)
• Language: English
• ISBN-10: 0321224094
• ISBN-13: 978-0321224095
• Product Dimensions: 9.1 x 7 x 1 inches
• Shipping Weight: 1.4 pounds
• Average Customer Review: 4.5 out of 5 stars See all reviews (6 customer reviews)
• Amazon.com Sales Rank: #821,531 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

3 of 4 people found the following review helpful:

3.0 out of 5 stars simple description of antispam methods, November 20, 2004

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 50 REVIEWER)    (REAL NAME)

A management level discussion of privacy issues in computing. While Cannon is from Microsoft, he writes for the general case. Nothing here is really specific to Microsoft's situation or products. Though it might be said that since Microsoft is the world's dominant software company, they might tend to be more sensitive to the issues raised in the text. Held to a higher standard and all that. So in this sense, having Cannon being a senior executive at Microsoft lends the book some gravitas. Even if you are a competitor of Microsoft, it might pay to study this book.

One of the issues covered is spam. He gives a summary of the main antispam methods currently in vogue. The reader needs to be aware that the discussion is very limited. Extensions are ignored that improve the effectiveness of several methods. Consider for example the hashing method. He restricts this to making a single hash from a message. But making several hashes is far more robust to spammer countermeasures.

Likewise, block lists are described. (More commonly known as black lists.) He says the drawback is that spammers usually use fake email addresses and domain names. Well, for one thing, not all spammers fake these. So the black list can still be applied against the purported sender, to detect the latter. But suppose that a spammer does forge her address in the header. The black list can also be applied against the message body. Typically with devastating effect.

3 of 4 people found the following review helpful:

5.0 out of 5 stars Excellent information on privacy issues..., October 6, 2004

By	Thomas Duff "Duffbert" (Portland, OR United States) - See all my reviews (TOP 50 REVIEWER)    (REAL NAME)

I recently received a copy of Privacy: What Developers and IT Professionals Should Know by J. C. Cannon (Addison-Wesley). This is a good book that does an excellent job in delivering to the target audience.

Chapter list: An Overview Of Privacy; The Importance of Privacy-Enhancing and Privacy-Aware Technologies; Privacy Legislation; Managing Windows Privacy; Managing Spam; Privacy-Invasive Devices; Building a Privacy Organizational Infrastructure; The Privacy Response Center; Platform for Privacy Preferences Project (P3P); Integrating Privacy in the Development Process; Performing a Privacy Analysis; A Sample Privacy-Aware Application; Protecting Database Data; Managing Access to Data: A Coding Example; Digital Rights Management; Privacy Section for a Feature Specification; Privacy Review Template; Data Analysis Template; List of Privacy Content; Privacy Checklist; Privacy Standard; References; Index

In today's environment, nearly every aspect of your daily existence touches data processing systems in some way. And if you surf the web, you know you are constantly being asked for personal and demographic information. But all too often, privacy issues related to all this information are not addressed in a secure, consistent methodology. Because of that, you stand a good chance of having far more personal information released to 3rd parties than you may be comfortable with. This book will help you become aware of the issues and build solid systems and processes that protect that privacy.

The first part of the book shows you how to secure your own privacy when you're working with computers. With the use of features such as pop-up blockers, cookie blockers, anonymous email services, and other related tools, you can effectively control the amount of information about your person and your activities while online. This information is really useful to anyone reading the book regardless of whether they are in IT or not. The second part of the book concentrates more on building software and processes that recognizes this right to privacy and gives the consumer choices on how to disclose and manage their personal information. The information is very practical and readable, and organizations would do well to consider the information presented here.

If you happen to be working in an industry affected by legislation such as HIPAA, this book becomes critical. If you're dealing with personal health information, you have no choices when it comes to privacy. The laws are spelled out, and the legal consequences for violating these laws are severe. Companies such as these should definitely get a copy.

This information has even affected one of the application changes I am currently working on. The user wanted to track the number of hits that a document got for reading. I started to build the change to track *who* read it, but then remembered that "less is more". There's no reason to track that information, so I shouldn't. As a result, I've got a more privacy-friendly application that delivers the desired results without violating the reader's privacy.

Good book, and worth the time for reading...

4.0 out of 5 stars High level privacy overview, February 8, 2005

By	Dmitri Nevedrov "Dmitri Nevedrov" (Superior, CO, USA) - See all my reviews (REAL NAME)

I enjoyed reading this book. Although not very detailed or technical, the book is a good management level overview of data protection, privacy ideas and techniques to enforce privacy policies within an organization. The book is useful for a software developer, IT person, database administrator, manager, or anyone involved in handling or managing computer data. The material is presented in a language suitable for virtually any IT expertise level. There are some examples presented from real life that help the reader to understand the concepts better. I think the book covers almost everything about digital data privacy and it does not focus solely on privacy related to Microsoft products.