Policy Aware Systems

Transparency and Accountability techniques to align complex information systems with legal and social rules

National Science Foundation
5 March 2007

Daniel J. Weitzner
Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory

These slides: http://dig.csail.mit.edu/2007/Talks/0305-policy-aware-overview/

Overview

Policy Aware Web Goal: realignment of decentralized information systems with law
Policy Aware Web Design Principles
Policy Aware Web Projects:

PAW Rules-Based Access Control
Transparency Accountability Data Mining (TAMI) Project

Next Steps: End-to-End Semantic Accountability

General goal: Making the Web 'Policy Aware'

General view (amongst the 'digerati'): law has to catch up with new technology.

General question: how will laws catch up?

My question: How will the Web finally catch up with the 'real world'?: in everyday life, the vast major of 'policy' problems get worked out without recourse to legal system.

Design goal: instrument the Web to provide seamless social interactions which allow us to avoid legal system the way we do in the rest of life

Global perspective: In the shift from centralized to decentralized information systems we see a general trend:

ex ante policy enforcement barriers -> policy description with late binding of rules for accountability

Copyright in Decentralized Environments: Creative Commons and the Web

Move from up-front enforcement barriers (DRM) -> open description of licensing terms (CC) with after-the-fact enforcement as needed

Privacy: the dilemma of consent

Can today's model (EU or US) be sufficient going forward?

Key will be purpose limitation, but we have a dilemma...

narrow purpose definition -> lots of choices = large time investment will yield privacy protection and low flexibility
broad purpose limitation -> few choices = small time investment required but less control and less privacy protection

Dilemma: limited individual and regulatory capacity to control escalating data collection.

Current result of consent dilemma + increased inference power: strict about what's collected but loose about usage

Better result: loose about what is collected and strict about usage

Collection Limitation -> Use Limitation

Why?

Rules express core values!!
Better allocation of individual and regulatory effort
Often the only logical evaluation point

Key Design Patterns

Policy: Shift from a priori controls to a posteriori accountability through transparency

Technology: Rules languages, reasoners, and transaction logging for transparency and accountability

Policy Aware Web Access Control Project

[Demo of Policy Aware Web proof carrying authorization from Jim Hendler]

Transparent Accountable Data Mining Project

Privacy Design Pattern: The more data becomes available on the Web and the more inferencing power increases, privacy protection will have to rely more on usage limitation rules and less on collection limitation rules.

Usage Limits depend upon:

Transparency: history of data manipulations and inferences is maintained and can be examined by authorized parties (who may be the general public).
Accountability: ability to check whether the policies that govern data manipulations and inferences were in fact adhered to.

TAMI Scenario

TSA scenario

TAMI Scenario - Transaction Log

#### transactions ####

:receive-pnr-1 a ts:Transfer
	; ts:time "2004-06-14T00:00:00"^^xsd:DateTime
	; ts:antecedents ()
	; ts:log-owner tb:TSA-DC

	; ts:source tb:AA-PNR
	; ts:recipient sfdb:TSA-SFDB
	; ts:records (:receive-pnr-1-record)

:request-federal-warrant-1-record a ts:DataRecord
	; ts:derived-from (:transfer-to-marshals-record)
	; ts:content (
		"Please obtain a federal warrant for this suspect."
		:ny-warrant
	)
	; ts:agent win:USMS-WIN
	; ts:category tc:warrants