Feeds

Microsoft boffins: Now even LAWYERS can grok Bing code's privacy compliance

Non-techies can get code fixed for privacy laws in real time. So sez Redmond

Providing a secure and efficient Helpdesk

Boffins at Microsoft Research have devised a way to automatically check code for compliance with privacy laws – and, according to Redmond, it's so simple that even non-techies can use it successfully.

Microsoft Research (MSR) has developed a programming language called Legalease, to be used together with its data inventory engine, Grok, which it claims can comb millions of lines of constantly changing code and check that it complies with rules on privacy.

Legalease is intended for use by non-programming types to specify restrictions on how data is handled. One of the main drivers behind Legalease's development was that software developers and those setting companies’ privacy policies don’t share a common language.

MSR says that more than 20 per cent of the code in Bing changes on a daily basis, with changes made by thousands of programmers. Changes in code might affect how data is used or who views it, potentially violating company, government or regulatory privacy policies.

Keeping tabs on changes in very large systems, like the Bing search engine, using manual audits is difficult. According to MSR automated testing is the best way to verify compliance with privacy rules and laws on the massive scale demanded in environments like Bing.

Legalease uses allow/deny rules, with exceptions. This reflects privacy policy frameworks like the US Health Insurance Portability and Accountability Act (HIPPA).

Grok

Grok, meanwhile, annotates existing code using a system that cross-references information from different sources, based on varying levels of confidence.

According to Microsoft, pattern-matching to column names across a database results in a low-confidence score, while annotations made manually by developers are deemed to be more trustworthy and thus get a high-confidence score.

MSR says it developed Grok for use on Bing but found writing suitable polices hard – and this was what led to Legalese. Both were tested on Bing and are now running on the data analytics pipeline of Microsoft's search engine.

MSR presented Legalese and Grok at the 35th IEEE Symposium on Security and Privacy in San Jose, California, this week. Redmond claims a group of non-coders took less than five minutes to learn how to use Legalease and just 15 minutes to code nine Bing policy clauses on the use of user information.

Saikat Guha, a researcher at Microsoft, in a statement called Legalease “the final piece of the automated privacy compliance jigsaw puzzle."

You can read more on the Microsoft Research site here. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.