Transparency and Accountability techniques to align complex information systems with legal and social rules
National Science Foundation
5 March 2007
Daniel J. Weitzner
Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory
General view (amongst the 'digerati'): law has to catch up with new technology.
General question: how will laws catch up?
My question: How will the Web finally catch up with the 'real world'?: in everyday life, the vast major of 'policy' problems get worked out without recourse to legal system.
Design goal: instrument the Web to provide seamless social interactions which allow us to avoid legal system the way we do in the rest of life
Global perspective: In the shift from centralized to decentralized information systems we see a general trend:
ex ante policy enforcement barriers -> policy description with late binding of rules for accountability
Move from up-front enforcement barriers (DRM) -> open description of licensing terms (CC) with after-the-fact enforcement as needed
Can today's model (EU or US) be sufficient going forward?
Key will be purpose limitation, but we have a dilemma...
Dilemma: limited individual and regulatory capacity to control escalating data collection.
Current result of consent dilemma + increased inference power: strict about what's collected but loose about usage
Better result: loose about what is collected and strict about usage
Policy: Shift from a priori controls to a posteriori accountability through transparency
Technology: Rules languages, reasoners, and transaction logging for transparency and accountability
[Demo of Policy Aware Web proof carrying authorization from Jim Hendler]
Privacy Design Pattern: The more data becomes available on the Web and the more inferencing power increases, privacy protection will have to rely more on usage limitation rules and less on collection limitation rules.
#### transactions #### :receive-pnr-1 a ts:Transfer ; ts:time "2004-06-14T00:00:00"^^xsd:DateTime ; ts:antecedents () ; ts:log-owner tb:TSA-DC ; ts:source tb:AA-PNR ; ts:recipient sfdb:TSA-SFDB ; ts:records (:receive-pnr-1-record)
:request-federal-warrant-1-record a ts:DataRecord ; ts:derived-from (:transfer-to-marshals-record) ; ts:content ( "Please obtain a federal warrant for this suspect." :ny-warrant ) ; ts:agent win:USMS-WIN ; ts:category tc:warrants
For more information see:
Work described here is supported by the US National Science Foundation Cybertrust Program (05-518) and ITR Program (04-012).
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.