Transparency and Accountability: Policy Aware Web Design Strategies

Daniel J. Weitzner

Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory

W3C Technology and Society Domain Lead

19 October 2006
Madrid, Spain

These slides: http://dig.csail.mit.edu/2006/Talks/1019-transparency-e2e-acccountability/

Overview

Civilizing the Web

A. Relationship between law and society
B. The Privacy Challenge: A Case Study
C. Some observations on the evolution of services on the Web
D. Design Patterns for the Policy Aware Web: End-to-End Accountability for Web Privacy

A. Law and Society -- a pop quiz

How many believe you are subject to law (any law)?
How many of you follow (most) laws? [exclude speed limits]
How many of you read all the laws to which you believe you are subject?
How many have been to a court of law?

The anti-formalist view of law in society (see software verification debate)

General goal: Making the Web 'Policy Aware'

General view (amongst the 'digerati'): law has to catch up with new technology.

General question: how will laws catch up?

My question: How will the Web finally catch up with the 'real world'?: in everyday life, the vast major of 'policy' problems get worked out without recourse to legal system.

Design goal: instrument the Web to provide seamless social interactions which allow us to avoid legal system the way we do in the rest of life

Global perspective: In the shift from centralized to decentralized information systems we see a general trend:

ex ante policy enforcement barriers -> policy description with late binding of rules for accountability

B. Privacy Challenges -- then and now

Privacy -- The challenge of web-scale profiling


	‚ÄúAuthorities in the Washington region spotted the same faded blue 1990 Chevrolet Caprice and recorded its New Jersey tags on at least 10 different occasions this month‚Ä¶. Each time, however, they let the driver go after finding no record that it had been stolen or that its occupants were wanted for any crimes.
‚ÄôWe were looking for a white van with white people, and we ended up with a blue car with black people,‚Äô said D.C. Police Chief Charles H. Ramsey‚Äù Washington Post 26 October 2002, p.A01

Privacy shifts -- from collection limts to use limits

Most intrusive practices are from inferences drawn, not individual quanta of information collected:

Credit card transactions -> profiling
Web logs -> Web search patterns
Instantaneous location -> travel patterns

collection barriers -> usage description with accountability (after the fact) to rules:

Departure from information hiding as a privacy protection mechanism -> transparency and accountability

C. Privacy: the dilemma of consent

Can today's model (EU or US) be sufficient going forward?

Key will be purpose limitation, but we have a dilemma...

narrow purpose definition -> lots of choices = large time investment will yield privacy protection and low flexibility
broad purpose limitation -> few choices = small time investment required but less control and less privacy protection

Dilemma: limited individual and regulatory capacity to control escalating data collection.

Current result of consent dilemma + increased inference power: strict about what's collected but loose about usage

Better result: loose about what is collected and strict about usage

D. Collection Limitation -> Use Limitation

We're at the wrong end of the privacy spectrum facing scalability crisis:

privacy today

D. Collection Limitation -> Use Limitation

Necessary but not sufficient control point:

privacy goal for some

D. Collection Limitation -> Use Limitation

This is where we should be:

privacy goal for some

Collection Limitation -> Use Limitation

Why?

Rules express core values!!
Better allocation of individual and regulatory effort
Often the only logical evaluation point

Provenance

editorial (or algorithmic) barriers -> individual description with trust inferencing;

Departure from centralized editorial control -> ad hoc, customized reasoning over large volume of description

Property

Departure from Hollywood content (centralied production) -> Blogs, Flickr and Livejournal (decentralized content we all make)

Property

Move from up-front enforcement barriers (DRM) -> open description of licensing terms (CC) with after-the-fact enforcement as needed

E. End-to-End Accountability for Privacy Protection

today's web architecture

E. End-to-End Accountability for Privacy Protection

today's web architecture

Conclusion: requirements for Web privacy technology

End-to-End Semantic Accountability

A priori collection and access limitations: Semantically-aware access control
A posteriori usage rules: Policy Aware transaction logs enabling Web-wide, end-to-end accountability

Links and Acknowledgements

For more information see:

MIT Decentralized Information Group: http://dig.csail.mit.edu/
Transparent, Accountable Datamining Initiative (TAMI): http://groups.csail.mit.edu/dig/TAMI
Policy Aware Web project (PAW): http://www.policyawareweb.org/
Feigenbaum and Weitzner (eds.), "Report on the 2006 TAMI/Portia Workshop on Privacy and Accountability."
Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuinness, Sussman, Waterman, Transparent Accountable Data Mining: New Strategies for Privacy Protection,; MIT CSAIL Technical Report MIT-CSAIL-TR-2006-007 [DSpace handle] (27 January 2006).

Work described here is supported by the US National Science Foundation Cybertrust Program (05-518) and ITR Program (04-012).

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.