Data Erasure & Governance with Flutter & Firebase

Transcript

1. Data Erasure &
   Governance
   with
   2020
   

   View Slide

2. Owning a home is hard
   2
   

   View Slide

3. 3
   Analysis
   Help homeowners remember
   ● Surveys
   ● Heuristic analysis of adjacent tools
   ● Problem prioritization
   

   View Slide

4. Agenda
   1. Why respect deletion requests?
   2. Users’ data and your app experience
   3. Code walkthrough with Flutter & Firebase
   4. Summary
   4
   

   View Slide

5. Hello!
   I am Noble
   Sr. Product Manager, Ventera
   Former Google Developers Expert for Product Strategy
   5
   Emergent Technologies
   Data Ethics
   Product Strategy
   Noble
   

   View Slide

6. Why respect erasure
   requests?
   and how FlutterFire makes that easy
   

   View Slide

7. Why respect data
   erasure requests?
   ❏ Users context and choice
   ❏ Intuitive controls in your application
   ❏ It’s not your data
   7
   

   View Slide

8. Choice, Control, & Erasure
   ● Leave it to your users to choose data they
   want to share with you
   ● Choice also means the ability to revoke their
   consent later
   ● Control means the ability to erase my data is
   accessible and intuitive.
   8
   Image credit Aaron Iker | Dribbble
   

   View Slide

9. Context
   

   View Slide

10. ● Names
    ● Addresses
    ● Email addresses
    ● SSN/National ID #
    ● Personal Health Info
    ● ...
    Personal Data
    Data Categories
    Specific To Our App
    ● Property tax information
    ● Inspection Reports
    ● Location information
    ● Banking information
    ● Photos
    

    View Slide

11. Context
    Clear reason why you
    need my data.
    How long do you need it?
    Who are you sharing this
    data with and when?
    Choice
    Give me agency over my
    data.
    How often does that data
    change? Can I revoke my
    consent at any time?
    Control
    Easy access to my data.
    Do: Use standard,
    low-friction patterns.
    Don’t: Use dark patterns,
    hidden links.
    11
    Why respect erasure requests?
    

    View Slide

12. How a panicked Product
    Lead went from WTF is
    Flutter to talk in 5 weeks
    HOW to handle erasure with Flutter fire
    

    View Slide

13. Handling erasure with
    Firebase
    ❏ Conduct Impact Assessment
    ❏ Configure Firebase
    ❏ Review data structure
    13
    

    View Slide

14. Privacy Impact Assessment
    14
    Provide controls to make it
    simple for users to delete
    their data
    Data Privacy Impact
    Assessment and determine
    risks
    Find opportunities to
    Minimize Data
    PIA at a high level
    

    View Slide

15. Firebase setup
    ● Wire up Auth with flutterfire
    ● Install Firebase Extensions
    ● Configure Delete User Data
    firebase.google.com/products/extensions
    & Implement Extension
    

    View Slide

16. npm install -g firebase-tools
    ...
    firebase ext:install delete-user-data
    --project=projectId
    16
    Installing via
    CLI
    Update your CLI and Install
    the extension
    

    View Slide

17. 17
    Review Data
    Structure
    Update your CLI and Install
    the extension
    

    View Slide

18. 18
    Firebase
    Extensions
    Pre-packaged solutions to
    save time
    Switched to
    Editor
    

    View Slide

19. Summary
    Conduct a PIA
    Assessment of risks >
    Remediate > monitor
    continuously as you would
    security.
    Setup Firebase
    Configure your environment,
    spot check your data
    architecture, and ensure users
    data is keyed to UID.
    Implement Extension
    As you do, be sure to think
    about the three C’s. Context,
    Choice, and Control.
    19
    

    View Slide

20. The pandemic & how
    Flutter turned an idea
    into a prototype, quickly.
    Code walkthrough with Flutter & Firebase
    

    View Slide

21. FlutterFire Walkthrough
    ❏ Installing FlutterFire plugins
    ❏ Setup IDE
    ❏ Implement & monitor the Extension
    21
    

    View Slide

22. Installing FlutterFire
    Plugins
    22
    

    View Slide

23. dependencies:
    flutter:
    sdk: flutter
    firebase_core: "^0.5.0"
    firebase_auth: "^0.18.0+1"
    23
    Add &
    Download
    Dependencies
    Add the firebase_auth
    dependency to your projects
    pubspec.yaml flutter pub get
    

    View Slide

24. import 'package:firebase_auth/firebase_auth.dart';
    …
    import 'package:cloud_firestore/cloud_firestore.dart';
    …
    // Delete User
    Future deleteUser() async {
    FirebaseUser user = await getUser;
    try {
    await user.delete();
    } catch (e) {
    ...
    }
    }
    24
    Implement
    Extension
    Leverages FlutterFire with
    Cloud Firestore, Cloud
    Storage
    

    View Slide

25. Widget confirmButton = FlatButton(
    ...
    onPressed: () {
    Navigator.of(ctx).pop();
    deleteUserData(ctx, auth);
    },
    );
    25
    Implement
    Extension
    Leverages FlutterFire for
    Cloud Firestore
    

    View Slide

26. 26
    Switched to
    Console
    

    View Slide

27. Monitoring
    ● Auth dashboard
    ● Add
    firebase.google.com/products/extensions
    Your extensions
    

    View Slide

28. Summary
    Installing FlutterFire
    plugins
    firebase.flutter.dev gets you
    plugins for auth, analytics,
    Firestore, Cloud messaging
    and more across mobile and
    web.
    Setup IDE
    VSCode with the Dart,
    Awesome Flutter Snippets,
    Flutter Extension plugins was
    the way to go.
    Implement & monitor the
    Extension
    You can monitor the activity of
    your extension, in the
    Functions panel including
    checks on health, usage, and
    logs.
    28
    

    View Slide

29. Positive Sum Opportunities
    Vulnerabilities and breaches
    cause Governments to view
    data as a human right.
    Growth In Regulations
    Massive amounts of our
    personal data is given up
    for convenience.
    Growth In Data
    Regulations
    

    View Slide

30. Data Privacy & Current Landscape
    CCPA
    30
    PIPEDA
    LGPD
    GDPR
    PDO
    APP
    MDPA
    

    View Slide

31. 31
    

    View Slide

32. Lessons learned
    Choose the right tool
    Visual Studio Code FTW.
    Started with Android Studio
    based on demos but with the
    right VSCode plug-ins, I never
    looked back.
    Minimize data
    Think deeply about what data
    you really need. Consider
    progressively collecting them
    when your user needs it.
    It's shiny but not a toy
    Complex applications may
    require non-GCP. OOTB, there
    are powerful integrations like
    firebase. You have a lot of
    options if you're willing to do
    the work.
    32
    

    View Slide

33. Thanks! 2020
    Your questions?
    You can find me at @nobleackerson on Twitter & Medium
    

    View Slide

34. Appendix
    34
    

    View Slide

35. Data
    Right to Access
    Where would you expect to request
    access or deletion of your data if not
    Account?
    

    View Slide

36. Easy access to my data
    ● Intuitive controls so that I can act on my consent
    ● The rights to rectification, deletion, and information
    36
    

    View Slide

37. Minimize your data
    Data processing should only use as much data as is required to
    successfully accomplish a given task.
    37
    

    View Slide