Feeds

Microsoft boffins: Now even LAWYERS can grok Bing code's privacy compliance

Non-techies can get code fixed for privacy laws in real time. So sez Redmond

Internet Security Threat Report 2014

Boffins at Microsoft Research have devised a way to automatically check code for compliance with privacy laws – and, according to Redmond, it's so simple that even non-techies can use it successfully.

Microsoft Research (MSR) has developed a programming language called Legalease, to be used together with its data inventory engine, Grok, which it claims can comb millions of lines of constantly changing code and check that it complies with rules on privacy.

Legalease is intended for use by non-programming types to specify restrictions on how data is handled. One of the main drivers behind Legalease's development was that software developers and those setting companies’ privacy policies don’t share a common language.

MSR says that more than 20 per cent of the code in Bing changes on a daily basis, with changes made by thousands of programmers. Changes in code might affect how data is used or who views it, potentially violating company, government or regulatory privacy policies.

Keeping tabs on changes in very large systems, like the Bing search engine, using manual audits is difficult. According to MSR automated testing is the best way to verify compliance with privacy rules and laws on the massive scale demanded in environments like Bing.

Legalease uses allow/deny rules, with exceptions. This reflects privacy policy frameworks like the US Health Insurance Portability and Accountability Act (HIPPA).

Grok

Grok, meanwhile, annotates existing code using a system that cross-references information from different sources, based on varying levels of confidence.

According to Microsoft, pattern-matching to column names across a database results in a low-confidence score, while annotations made manually by developers are deemed to be more trustworthy and thus get a high-confidence score.

MSR says it developed Grok for use on Bing but found writing suitable polices hard – and this was what led to Legalese. Both were tested on Bing and are now running on the data analytics pipeline of Microsoft's search engine.

MSR presented Legalese and Grok at the 35th IEEE Symposium on Security and Privacy in San Jose, California, this week. Redmond claims a group of non-coders took less than five minutes to learn how to use Legalease and just 15 minutes to code nine Bing policy clauses on the use of user information.

Saikat Guha, a researcher at Microsoft, in a statement called Legalease “the final piece of the automated privacy compliance jigsaw puzzle."

You can read more on the Microsoft Research site here. ®

Remote control for virtualized desktops

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.