Privacy and Digital Rights Management
Poorvi Vora, Dave Reynolds, Ian Dickinson, John Erickson, Dave Banks
Publishing Systems and Solutions Lab., Hewlett Packard Labs.
January 22, 2001
Hewlett-Packard Co.
Reasons for concern
• Privacy infringement is common across the Internet
• Consumers are responding with class action suits and strongly negative responses through stock value depreciation (e.g. Intel, DoubleClick, Real Jukebox)
• Privacy infringement possibilities are amplified with commerce in digital assets (through detailed usage tracking)
• This infringement is not necessary for fraud prevention
• This implies that the legal liability of data collectors is amplified
Why should a W3C DRM standards effort care?
• Consumers are concerned about privacy
• Those who depend on privacy invasion to prevent fraudulent use of digital assets can be legally liable
• P3P credibility will be diminished by privacy infringement in any other W3C standard
• All of this impacts the efficacy of the standard
Potential Privacy Invasions in a DRM System
• User authentication: current PKI-based protocols limit the degree of anonymity
• Usage tracking for fraud prevention: there are many ways of doing this; it need not be as invasive as it currently is
• All controls are in the hands of the content provider
The focus of DRM systems has to move towards including the consumer as a first-class participant, resulting in a more neutral system which is more likely to be trusted, and hence used, by the consumer.
Consumer as first-class participant means:
• Personal profiles are assets in the system, with ownership, access and usage rights, and rights and descriptive metadata associated with them.
• Identity is part of the personal profile.
• Proof of identity, in so much as it involves divulgence of the personal profile, or allows for its divulgence through unique identifiers, is trade in an asset when the information revealed is more than the minimum required.
Consumer as first-class participant means, specifically:
• User authentication: a range of methods with different degrees of anonymity; the maximum extent of anonymity allowed by the system is determined by technical feasibility; which method is used is determined by the consumer and the content provider
• Rights clearing: the consumer participates in establishing the degree of tracking
• Consumer profiles: consumer assets in the system
• All transactions explicit, and with consumer participation
Existing Anonymity Technology
• Trusted (screening) mediator:
  • The mediator knows other transaction details (when, between which parties, etc.) even if the information is encrypted
  • The mediator is liable for data security, or else mediator snafus result in violations
• Digital pseudonyms (nyms):
  • Multiple personae prevent collation of data across different personae
  • Can be implemented within existing PKI with some changes
• Proofs of Knowledge (POK) within and outside the existing Public Key Infrastructure (PKI):
  • Provides a more general framework for the inclusion of more anonymous techniques to prove access rights, voucher possession, etc.
Existing Privacy Expression Technology
• Access rights expression: P3P is a beginning
• Need vocabularies for:
  • Profile description (metadata on personal profiles), including granularity of usage profiles
  • Degree of tracking information
Example Workshop Outcome: a framework consistent with
• User authentication with degrees and types of anonymity, for example:
  • PKI
  • SPKI
  • Nym
  • Anonymized through a trusted third party
  • POK
• Choice of when to reveal identity and to what extent
Example Workshop Outcome: a framework consistent with
• Usage tracking with:
  • Extent of tracking (what is being tracked?)
  • Controlled revelation of usage data: specification of the granularity level of usage data (in what detail is it being tracked?)
• Rights clearing with the degree of usage and rights information staying with the client vs. the rights clearing agency (how much of the tracking information is sent back to the clearing agency, and at what level of aggregation)
Example Workshop Outcome: a fulfillment protocol including
• how often the rights clearing agency is contacted with respect to asset access
• what the granularity of divulged usage logs is
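The two slides above describe usage tracking in terms of a reporting interval (how often the clearing agency is contacted) and a granularity level (how much detail, at what aggregation, leaves the client). The following is an added example, not code from the HP position paper or any DRM product: it keeps a detailed usage log on the consumer's side and reduces it to the agreed granularity and batching before anything is sent to the clearing agency. The event fields, the four-level granularity vocabulary and the sample log are constructed assumptions.

```python
"""Added example: client-side reduction of a usage log to an agreed granularity
and reporting interval before it is divulged to a rights clearing agency."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class UsageEvent:
    asset_id: str   # assumed identifier of the digital asset
    action: str     # e.g. "play", "print" (assumed action vocabulary)
    at: datetime    # client-local timestamp of the access


# Constructed sample log, as it would be kept on the consumer's device.
SAMPLE_LOG = [
    UsageEvent("asset-A", "play", datetime(2001, 1, 22, 9, 0)),
    UsageEvent("asset-A", "play", datetime(2001, 1, 22, 9, 30)),
    UsageEvent("asset-B", "print", datetime(2001, 1, 22, 10, 0)),
    UsageEvent("asset-A", "play", datetime(2001, 1, 23, 8, 0)),
    UsageEvent("asset-B", "play", datetime(2001, 1, 23, 20, 0)),
]

# Assumed granularity vocabulary, ordered from most to least detailed.
GRANULARITY = ("full", "daily_per_asset", "per_asset", "total")
DAY = timedelta(days=1)
WEEK = timedelta(days=7)
EPOCH = datetime(1970, 1, 1)


def divulge(log, granularity):
    """Return only what the consumer agreed to reveal for one reporting window."""
    if granularity == "full":
        # Every access with its timestamp: the most invasive level.
        return [(e.asset_id, e.action, e.at.isoformat()) for e in log]
    if granularity == "daily_per_asset":
        # Counts per (asset, calendar day); individual timestamps are dropped.
        return dict(Counter((e.asset_id, e.at.date().isoformat()) for e in log))
    if granularity == "per_asset":
        # Counts per asset only; no time information at all.
        return dict(Counter(e.asset_id for e in log))
    if granularity == "total":
        # A single number: enough for volume-based fraud checks, nothing more.
        return {"accesses": len(log)}
    raise ValueError(f"unknown granularity {granularity!r}")


def batches(log, interval):
    """Group events into fixed windows of `interval`; one agency contact per window."""
    groups = {}
    for e in sorted(log, key=lambda e: e.at):
        window = (e.at - EPOCH) // interval   # integer window index
        groups.setdefault(window, []).append(e)
    return [groups[k] for k in sorted(groups)]


def permitted(requested, agreed):
    """True if the agency's requested level is no finer than what the consumer agreed to."""
    return GRANULARITY.index(requested) >= GRANULARITY.index(agreed)


def report(log, requested, agreed, interval):
    """Build the list of reports sent to the clearing agency, refusing finer-than-agreed requests."""
    if not permitted(requested, agreed):
        raise PermissionError(f"{requested!r} is finer than the agreed level {agreed!r}")
    return [divulge(batch, requested) for batch in batches(log, interval)]


if __name__ == "__main__":
    # Daily contact, totals only: two reports, one number each.
    print(report(SAMPLE_LOG, "total", "total", DAY))
    # Weekly contact, per-asset counts.
    print(report(SAMPLE_LOG, "per_asset", "per_asset", WEEK))
```

The point of separating `divulge` from `batches` is that the reporting interval and the aggregation level are independent controls: a consumer can agree to frequent contact with coarse data, or rare contact with finer data, and the client enforces the agreed level in `permitted` rather than trusting the agency to ask for no more than it needs.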
Example outcome with respect to the HP main position paper (Erickson et al.):
• Expression: vocabularies for
  • profile description (metadata about the profile, including granularity)
  • access rights (P3P, XrML)
  • degree of tracking
  • degree of anonymity
  • enabling combinations of profiles and other assets into composite documents
• Protocols: identity proofs and access control decisions determined by Proofs of Knowledge
• Compliance: dependent on POKs and not on identity divulgence
Consumer as first-class participant means:
• Personal profiles are assets in the system, with ownership, access and usage rights, and rights and descriptive metadata associated with them.
• Identity is part of the personal profile.
• Proof of identity, in so much as it involves divulgence of the personal profile, or allows for its divulgence through unique identifiers, is trade in an asset.