Information Accountability: A lightning Talk

21 June 2007
Semgrail Workshop
Microsoft Research Redmond, WA

Daniel J. Weitzner
Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory

These slides: http://dig.csail.mit.edu/2007/Talks/0621-info-account/

Overview

The Web Policy Challenge: privacy and copyright as examples
Clues from regulatory systems governing large-scale information flows
An architecture for end-to-end information accountability

Web Policy Challenge - Privacy

We learn that what people care about is how information is used, not who has access to it.

What Privacy Isn't

Saltzer and Schroeder, The Protection of Information in Computer Systems:

"The term 'privacy' denotes a socially defined ability of an individual (or organization) to determine whether, when, and to whom personal (or organizational) information is to be released."

Communications of the ACM 17, 7 (July 1974).

Technical approach -- Information Hiding: Privacy Sensitive Data Analysis

Goal: construct data base protocol that limits information access according to a formal definition of privacy

Privacy Definition: indistinguishability of the individual from the community

Method: measures epsilon-indistinguishability of a database query transcript

Differential Privacy, Cynthia Dwork, 33rd International Colloquium on Automata, Languages and Programming, ICALP 2006, Part II, pp. 1–12, 2006.

see also Sweeney's k-anonymity work

Questions upon the Success of Privacy Sensitive Data Analysis

A privacy-safe zone: Privacy sensitive data mining establishes a boundary, which, if respected, assures no privacy risk to the individual.

how do you know that data usage remains within the privacy-safe zone:
- over time?
- across an institution?
what legal rules outside the privacy-safe zone?

Web Policy Challenge - Copyright: The Mass Media DRM Approach

iTunes

Web Policy Challenge - Copyright: Next Generation Response Challenges

Move from up-front enforcement barriers (DRM) -> open description of licensing terms (CC) with after-the-fact enforcement as needed

Web Policy Challenge - Copyright: Some tunes can change


	"Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store. Every iPod ever made will play this DRM-free music," Steve Jobs, Thoughts on Music (February 6, 2007)

Regulatory Patterns for Large Scale Information Flows

Fair Credit Reporting Act

Nearly unlimited information collection
Unlimited analysis
Strict usage limits
Harsh penalties for mis-use
Feedback loop to ensure accuracy

Securities Laws

required reports
significant penalites for failure to file
virtually no review of substance of reports unless some stops trouble
criminal penalty for misreporting

The Web Today

today's web architecture

The Web with Information Accountability Mechanisms


	#Policy Aware Transaction Logs #Policy Language Framework #Policy Reasoning Tools

Conclusion

Web has changed our relationship to information

Controlling information flow will no longer suffice to ensure adherence to policy

Goal -- new systems that support accountability to policy rules

Discussion and More Information

For more information see:

Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler, Sussman, Information Accountability, MIT CSAIL Technical Report MIT-CSAIL-TR-2007 (13 June 2007)
Feigenbaum and Weitzner (eds.), "Report on the 2006 TAMI/Portia Workshop on Privacy and Accountability."
Transparent, Accountable Datamining Initiative (TAMI): http://groups.csail.mit.edu/dig/TAMI
Policy Aware Web project (PAW): http://www.policyawareweb.org/
Weitzner, Abelson, Berners-Lee, Hanson, Hendler, Kagal, McGuinness, Sussman, Waterman, Transparent Accountable Data Mining: New Strategies for Privacy Protection,; MIT CSAIL Technical Report MIT-CSAIL-TR-2006-007 [DSpace handle] (27 January 2006).

Work described here is supported by the US National Science Foundation Cybertrust Program (05-518) and ITR Program (04-012).

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.