Overview
- A. Privacy challenges: past, present and future
- B. Toward the Policy Aware Web: free speech and copyright
- C. Policy Aware Architecture for the Web: End-to-End Privacy Accountability
Privacy Challenges in Internet's first decade
Privacy Challenges in Web's first decade
Privacy challenges in the computer's first four decades
| Decade |
Privacy Challenge |
Policy Response |
| 1960-70s |
Mainframe: collection limits
|
Collection Limits |
| 1980s |
Internet and Personal Computers: secrecy and channel security
|
Security fixes |
| 1990s |
Web: user control
|
User Control/Choice |
| 2000- |
Semantic Web
|
?? |
Law and Society -- a pop quiz
- How many believe you are subject to law (any law)?
- How many of you follow (most) laws? [exclude speed limits]
- How many of you read all the laws to which you believe you are
subject?
- How many have been to a court of law?
General goal: Making the Web 'Policy Aware'
General view (amongst the 'digerati'): law has to catch
up with new technology.
General question: how will laws catch up?
My question: How will the Web finally catch up with the
'real world'?: in everyday life, the vast major of 'policy' problems get
worked out without recourse to legal system.
Design goal: instrument the Web to provide seamless
social interactions which allow us to avoid legal system the way we do in the
rest of life
Global perspective: In the shift from centralized to decentralized
information systems we see a general trend:
ex ante policy enforcement barriers -> policy description
with late binding of rules for accountability
B. Proto Policy Aware Design Patterns: Free Speech, Child Protection,
Content Filtering
| "The Internet is 'a unique and wholly new medium of worldwide human
communication.'" ACLU v. Reno, United States Supreme Court (June 1997)
"Filters are less restrictive than COPA. They impose selective
restrictions on speech at the receiving end, not universal
restrictions at the source." Ashcroft v. ACLU, 542 US 654 (2004).
|
 |
B. Proto Policy Aware Design Patterns: Web Copyright
Traditional Approach to Copyright
Departure from Hollywood content (centralized production)
-> Blogs, Flickr and Livejournal (decentralized content we all make)
Copyright in Decentralized Environments: Creative Commons and the Web
Move from up-front enforcement barriers (DRM) -> open
description of licensing terms (CC) with after-the-fact enforcement
as needed
How does the Policy Aware Web approach help with core privacy challenges?
- Transactional approach to privacy in large-scale, many-to-many
relationships
- Protecting the Privacy of Publicly Available Data
Privacy: the dilemma of consent
Can today's model (EU or US) be sufficient going forward?
Key will be purpose limitation, but we have a dilemma...
- narrow purpose definition -> lots of choices = large time investment
will yield privacy protection and low flexibility
- broad purpose limitation -> few choices = small time investment
required but less control and less privacy protection
Dilemma: limited individual and regulatory capacity to
control escalating data collection.
Current result of consent dilemma +
increased inference power: strict about what's collected but loose about
usage
Better result: loose about what is
collected and strict about usage
Collection Limitation -> Use Limitation
Why?
- Rules express core values!!
- Better allocation of individual and regulatory effort
- Often the only logical evaluation point
C. Policy Aware Architecture for the Web: End-to-End Accountability for
Privacy
C. Policy Aware Architecture for the Web: End-to-End Accountability for
Privacy
Conclusion: practical design patterns for working with personal
information on the Semantic Web
- Provenance: track your sources
- Transparency: show your work
- Accountability: enable end-to-end compliance checking against rules
Links
For more information see:
- Transparent, Accountable Datamining Initiative (TAMI): http://groups.csail.mit.edu/dig/TAMI
- Policy Aware Web project (PAW): http://www.policyawareweb.org/
- Feigenbaum and Weitzner (eds.), "Report
on the 2006 TAMI/Portia Workshop on Privacy and Accountability."
- Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuinness,
Sussman, Waterman, Transparent
Accountable Data Mining: New Strategies for Privacy Protection,; MIT
CSAIL Technical Report MIT-CSAIL-TR-2006-007
[DSpace handle]
(27 January 2006).
Work described here is supported by the US National Science Foundation
Cybertrust Program (05-518) and ITR Program (04-012).
This work is licensed under a Creative Commons
Attribution-NonCommercial-NoDerivs 2.5 License.
