Special Topics in Computer Science Computation and Society: Privacy and Technology
12 April 2007
Cambridge, MA
Daniel J. Weitzner
Decentralized Information
Group
MIT Computer Science and Artificial Intelligence Laboratory
These slides: http://dig.csail.mit.edu/2007/Talks/0412-beyond-secrecy/
1. The advancing privacy challenge
2. Help from the history of the evolution of privacy and technology
3. Assuming state-of-the art research succeeds, then what...
Historical foundation:
"Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home.... Can it be that the Constitution affords no protection against such invasions of individual security?"Olmstead v. United States, 277 U.S. 438, 467 (1928) (Brandeis, J., dissenting)
Modern response:
It would be foolish to contend that the degree of privacy secured to citizens by the Fourth Amendment has been entirely unaffected by the advance of technology.... Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a “search” and is presumptively unreasonable without a warrant. "Kyllo v. United States. 533 U.S. 27 (2001) (Scalia, J.)
"[T]he law must advance with the technology to ensure the continued vitality of the Fourth AmendmentElectronic Communications Privacy Act legislative history, Senate Report, p.5
Communications Technology |
Crime | 4A trigger |
4A protection | |
1928 | Early telephone | Prohibition | Castle: Physical -- property/trespass (Olmstead) | none b/c no trespass |
1968 | Mass market phones | Gambling/Organized Crime | People not places (Katz) | Congress enacts guidance of Katz: Probable cause, limited class of crimes, after the fact inventory |
1984/6 | Store & forward/email | [pre-emptive strike by technophiles] | Activity not medium | ECPA: email gets status of 1st class mail vs. 3rd party business records |
1994 | Transactional records | Global, digital communications | Power to reveal personal information vs. owner | judicial supervision for transactional records access |
2007 Today |
World Wide Web and data mining | Terrorism | People not information | ?? |
Can today's model (EU or US) be sufficient going forward?
Key will be purpose limitation, but we have a dilemma...
Dilemma: limited individual and regulatory capacity to control escalating data collection.
Current result of consent dilemma + increased inference power: strict about what's collected but loose about usage
Better result: loose about what is collected and strict about usage
Goal: construct data base protocol that limits information access according to a formal definition of privacy
Privacy Definition: indistinguishability of the individual from the community
Method: measures epsilon-indistinguishability of a database query transcript
Differential Privacy, Cynthia Dwork, 33rd International Colloquium on Automata, Languages and Programming, ICALP 2006, Part II, pp. 1–12, 2006.
k-anonymity work
A privacy-safe zone: Privacy sensitive data mining establishes a boundary, which, if respected, assures no privacy risk to the individual.
question 1 - requires new system design
question 2 - requires new policy making in response to technical change
General view (amongst the 'digerati'): law has to catch up with new technology.
General question: how will laws catch up?
My question: How will the Web finally catch up with the 'real world'?: in everyday life, the vast major of 'policy' problems get worked out without recourse to legal system.
Design goal: instrument the Web to provide seamless social interactions which allow us to avoid legal system the way we do in the rest of life
Global perspective: In the shift from centralized to decentralized information systems we see a general trend:
ex ante policy enforcement barriers -> policy description with late binding of rules for accountability
Policy: Shift from a priori controls to a posteriori accountability through transparency
Technology: Rules languages, reasoners, and transaction logging for transparency and accountability
Privacy Design Pattern: The more data becomes available on the Web and the more inferencing power increases, privacy protection will have to rely more on usage limitation rules and less on collection limitation rules.
For more information see:
Work described here is supported by the US National Science Foundation Cybertrust Program (05-518) and ITR Program (04-012).
This work is licensed under a Creative Commons
Attribution-NonCommercial-NoDerivs 2.5 License.