1 / 12

It’s not what IT does to Privacy it’s what Privacy does to IT

It’s not what IT does to Privacy it’s what Privacy does to IT. Robert Thibadeau, Ph.D. www.internetlab.ri.cmu.edu www.w3.org/p3p www.istpa.org www.intelytics.com rht@cs.cmu.edu. Information Privacy. Law. Technology. No matter how much you want to, you can’t get

simone
Download Presentation

It’s not what IT does to Privacy it’s what Privacy does to IT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. It’s not what IT does to Privacy it’s what Privacy does to IT Robert Thibadeau, Ph.D. www.internetlab.ri.cmu.edu www.w3.org/p3pwww.istpa.org www.intelytics.com rht@cs.cmu.edu

  2. InformationPrivacy Law Technology No matter how much you want to, you can’t get technology out of privacy or the law out of privacy

  3. Reasons • There is no technically perfect solution possible : Thomas Jefferson’s notion of public and private. • Therefore the Law becomes Indispensible, and the LAW is always at Fault if it is not there providing protection. • Technology – actually the computer – will always surprise you : The Turing Principle • Therefore Technology cannot be frozen to a form, and the LAW is responsible, not technology • Technology – you need locks on the doors, systems to facilitate privacy, and systems for policing of the laws • This requires Technology

  4. Negotiating Privacy in a Millisecond A HARD PROBLEM FOR IT DICTATED BY PRIVACY

  5. Privacy Server Protocolhttp://yuan.ecom.cmu.edu/pspnow the basis for the European JAVA Demonstrator • Port-based, not (necessarily) HTTP • Scope : Persistence in Time and Scoping across Modality • P3P Vocabulary (as excellent starter) • Negotiated Privacy • Persona Driven • Bilateral Privacy • Museums - Universal Studios – Ford Have Privacy Needs Too • Non-Repudiate-able Contracts • Utilizing ASN.1/SMPTE 298M/DVBX Globally Unique Contract Names without central servers.

  6. CMU PERSONA MODEL Web Site Server Agent Client Browser User Agent Amazon Shopper BN Shopper Schwab StockPicker BUY Shopper DoubleClick User Privacy Policy Agreements Amazon Shopper CMU Shadow DoubleClick User Database System

  7. CMU PERSONA MODEL Web Site Server Agent Client Browser User Agent I want the Shopping Cart Amazon Shopper Need to be a Shopper BN Shopper Schwab StockPicker BUY Shopper I ‘m an Amazon Shopper DoubleClick User Amazon Shopper OK, Sign Here CMU Shadow DoubleClick User OK, Now you Sign Database System Done, Come on In!

  8. CMU PERSONA MODEL *ALT Web Site Server Agent Client Browser User Agent I want the Shopping Cart Need to be a BN Shopper Amazon Shopper BN Shopper What’s That? Schwab StockPicker It’s This P3P Policy BUY Shopper DoubleClick User Can I be an Amazon Shopper? Amazon Shopper CMU Shadow OK, Sign Here DoubleClick User Database System OK, Now you Sign Done, Come on In!

  9. CMU PERSONA MODEL *ALT Web Site Server Agent Client Browser User Agent I want the Shopping Cart Need to be a Shopper Amazon Shopper Can I be an Amazon Shopper? BN Shopper Schwab StockPicker OK, But you need to be DoubleClick User TOO! BUY Shopper DoubleClick User Amazon Shopper CMU Shadow OK, Sign Here DoubleClick User OK, Now You Sign Database System Done, I’m Coming In!

  10. cmu persona A Persona is a Set of Credentials of which a Proper Subset is distinguished for Authorizing Access To the Remainder of the Set Username : <string> Password : <string> Name : <string> Credit Card Number : <string> Card Expiration : <string> Mailing Address : <string> Mothers Name : <string> Child Persona : <p-name> … Credentials as Other Persona PERSONA P3P APPEL : <script> Recogniz-er : <script> FillerIn-er : <script> Communicat-er : <script> HowToUse-er : <script>

  11. cmu persona interface IE/Netscape Plugin is EMPTY PERSONA EDIT OR APPLY ENGINE Fill it with actual person in different ways: REMOTE BASESTATION WEB SERVER : PORT 80 (Web Page Activates Persona) CMU PERSONA PLUGIN Active Persona Storage AMAZON SHOPPER AMAZON SHOPPER My Secure Hard Disk OR My Floppy Disk MY OTHER SHOPPER MY OTHER SHOPPER THIRD PARTY WEB SERVER : PORT 80 Like to Use Amazon Shopper

More Related