Overview
Why transparent, accountable systems?
- General perspective of TAMI project:
- view of the relationship between law and society
- deep openness of Web-based social interactions
- Privacy Challenges: Technical and legal
- Accountability Design Requirements for Privacy Protection
- Application of accountability to other public policy problems
Law and Society -- a pop quiz
- How many believe you are subject to law (any law)?
- How many of you follow (most) laws? [exclude speed limits]
- How many of you read all the laws to which you believe you are
subject?
- How many have been to a court of law?
General goal: Making the Web 'Policy Aware'
How will the Web finally catch up with the 'real world'? In everyday
life, the vast majority of 'policy' problems get worked out without recourse to
the legal system.
Design goal: instrument the Web to provide seamless social interactions
which allow us to avoid the legal system the way we do in the rest of life
Punch line: In the shift from centralized to decentralized information
systems we see a general trend:
ex ante policy enforcement barriers -> policy description
with late binding of rules for accountability
A. Privacy Challenges -- then and now
A. Privacy Challenge -- increased information collection, storage and
analysis
- gmail
- MySpace
- EZPass
- AT&T (and the NSA)
B. Privacy Challenge -- inadequate laws
- Outdated surveillance laws: limiting evidence collection is inadequate
without more powerful control over inference
- Limited scope of data privacy laws:
- US: sector-by-sector collection limitations leave large classes of
commercial and non-commercial transactions uncovered
- EU: Data Protection Directive (the gold standard of privacy laws),
key features:
- Notice
- affirmative consent (opt-in)
- collection limitation (minimization)
- purpose limitation (modulo consent)
- access and correction
C. Privacy Challenge -- dilemma of consent
Can consent model (EU opt-in or US opt-out) be effective going forward?
Key will be purpose limitation, but we have a dilemma...
- narrow purpose definitions -> many choices = large time investment;
yields strong privacy protection but low flexibility
- broad purpose definitions -> few choices = small time investment
required, but weaker privacy protection
Dilemma: limited individual and regulatory capacity to control escalating
data uses.
Result of consent dilemma + increased inference power: strict about what's
collected but loose about usage
Collection Limitation -> Use Limitation
(a spectrum of control points; successive slides move the marker along it)
- We're at the wrong end of the privacy spectrum and seeking the wrong
results (control concentrated at collection)
- Still suboptimal control point
- This is where we should be (control at use)
Why?
- Rules express core values!!
- Better allocation of individual and regulatory effort
- Often the only logical evaluation point
Collection Limitation -> Use Limitation
How?
Systems: (see Abelson, Hanson, Delgado Kloos, McGuinness talks)
- formal specification of rules over data
- assess accountability to rules upon 'adverse action'
- construct proof of compliance to accompany adverse action
Laws:
- specify permissible and impermissible uses
- require proof of permissible use along with adverse action, in
high-sensitivity situations (government access, health records, ...)
- learn how to match expressivity of legal rules with inferencing
power
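The three system-side steps above (rules stated formally over data, accountability assessed only when an 'adverse action' occurs, and a proof of compliance built to accompany it) are sketched below in Python. This is an added example written for this page, not code from the TAMI project or its AIR/N3 rule language; the rule set (purpose limitation modulo consent, plus a proof-of-permissible-use rule for high-sensitivity data), the event log format and every identifier in the sample log are constructed for illustration.

```python
"""Added example (not TAMI/AIR code): late-binding accountability check.

Rules are stated over data items rather than enforced as a barrier at
collection time. When an 'adverse action' occurs, the checker replays the
usage log for the data the action relied on and builds a step-by-step proof
of compliance, or stops at the first violation. All identifiers, rules and
log events are constructed for this example.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Event:
    kind: str            # "collect", "transfer" or "use"
    data: str            # data item identifier
    actor: str           # party performing the event
    purpose: str         # declared purpose of the event
    consent: frozenset = frozenset()  # purposes the subject opted into (collect only)
    sensitive: bool = False           # high-sensitivity category (collect only)


def rule_purpose_limitation(collect: Event, ev: Event) -> tuple[bool, str]:
    """Purpose limitation modulo consent: a later transfer or use must cite the
    collection purpose or a purpose the subject consented to."""
    allowed = {collect.purpose} | set(collect.consent)
    ok = ev.purpose in allowed
    return ok, (f"purpose-limitation: {ev.kind} of {ev.data} by {ev.actor} for "
                f"'{ev.purpose}' {'within' if ok else 'outside'} allowed {sorted(allowed)}")


def rule_sensitive_use(collect: Event, action_purpose: str) -> tuple[bool, str]:
    """An adverse action relying on high-sensitivity data must itself cite a
    permissible purpose (the 'proof of permissible use' the slides describe)."""
    if not collect.sensitive:
        return True, f"sensitive-use: {collect.data} not high-sensitivity, rule not triggered"
    allowed = {collect.purpose} | set(collect.consent)
    ok = action_purpose in allowed
    return ok, (f"sensitive-use: adverse action for '{action_purpose}' on sensitive "
                f"{collect.data} {'is' if ok else 'is not'} a permissible use")


def check_adverse_action(log: list[Event], data_used: set[str],
                         action_purpose: str) -> tuple[bool, list[str]]:
    """Return (compliant, proof). proof is the ordered list of rule evaluations
    over the provenance of each data item; evaluation stops at the first
    violated rule, which the proof records."""
    proof: list[str] = []
    for data in sorted(data_used):
        chain = [e for e in log if e.data == data]
        collect = next((e for e in chain if e.kind == "collect"), None)
        if collect is None:
            proof.append(f"provenance: no collection event for {data}; cannot justify use")
            return False, proof
        proof.append(f"provenance: {data} collected by {collect.actor} for '{collect.purpose}'")
        for ev in chain:
            if ev.kind == "collect":
                continue
            ok, why = rule_purpose_limitation(collect, ev)
            proof.append(why)
            if not ok:
                return False, proof
        ok, why = rule_sensitive_use(collect, action_purpose)
        proof.append(why)
        if not ok:
            return False, proof
    return True, proof


# Constructed sample log: one health record, one purchase history.
SAMPLE_LOG = [
    Event("collect", "rec:health/42", "clinic", "treatment",
          consent=frozenset({"billing"}), sensitive=True),
    Event("transfer", "rec:health/42", "clinic", "billing"),
    Event("collect", "rec:purchases/7", "retailer", "order-fulfilment",
          consent=frozenset({"marketing"})),
    Event("use", "rec:purchases/7", "retailer", "marketing"),
    Event("transfer", "rec:purchases/7", "retailer", "credit-scoring"),
]

if __name__ == "__main__":
    # Adverse action: a credit decision that relied on the purchase history.
    ok, proof = check_adverse_action(SAMPLE_LOG, {"rec:purchases/7"}, "credit-scoring")
    print("compliant" if ok else "VIOLATION")
    print("\n".join(proof))
```

Note what the checker does not do: nothing blocked the retailer from transferring the purchase history to a credit-scoring party. The rule is bound late, when the adverse action is examined, and the proof that accompanies the finding names the exact log step (the transfer for an unconsented purpose) that breaks the purpose limitation, which is what makes the outcome contestable rather than merely refused.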
Other uses of accountable systems
- Health Privacy
- Credit Reporting
- Copyright management (DRM alternative)
Property
Departure from Hollywood content (centralized production)
-> Blogs, Flickr and Livejournal (decentralized content we all make)
Property
Move from up-front enforcement barriers (DRM) -> open
description of licensing terms (CC) with after-the-fact enforcement
as needed