
From P3P to Data Licensing


Presentation Transcript


  1. From P3P to Data Licensing Cha, Shi-Cho (查士朝) and Joung, Yuh-zer (莊裕澤) Dept. of Information Management, National Taiwan University, Taipei, Taiwan csc@mba.ntu.edu.tw joung@ccms.ntu.edu.tw

  2. Outline • Introduction • Concept and benefits of Online Personal Data Licensing (OPDL) • Demonstrations of OPDL • Conclusions

  3. Introduction • Personal data are widely used for different purposes. • Some uses are good for people. • Personal data can also be abused, e.g. • Unsolicited commercial e-mail • Credit card fraud • Many countries have enacted laws to protect personal data.

  4. Introduction (Cont’d) • The consent principle • There are different kinds of consent • Written consent provides the strongest evidential value • Online, for the sake of efficiency, passive consent is usually allowed and adopted • Under passive consent a Web site need only disclose its practices about personal data; the user is taken to have agreed by continuing to use the site

  5. An Example of the Problem With Passive Consent (timeline figure) • At first the site publishes Privacy Policy 1: “We do not collect personal data” • Later it replaces it with Privacy Policy 2: “We collect click-streams” • It is hard for the person to prove that he did not know Privacy Policy 2 was in force when his data were collected!

  6. Framework of Online Personal Data Licensing (OPDL) • To make people’s consent concrete by letting users issue licenses for collecting and using their data • Application and service providers must obtain a license from a person before collecting, processing, and using the person’s personal data.

  7. Benefits of Using Licenses • Licenses can be shown whenever some personal data are used.

  8. Benefits of Using Licenses (Cont’d) • Licenses can be used in auditing processes to prevent data misuse.

  9. Benefits of Using Licenses (Cont’d) • Licenses can be used as evidence to prove that a site has misused a person’s data.

  10. More Benefits of OPDL • Permission to collect or use a person’s data is determined and given by the person himself/herself. • Setting preferences also makes users think about the damage they would suffer if licensed data were misused. • People can obtain clearer information about who holds their personal data.

  11. Demonstrations of OPDL

  12. Licensing Proposal • The Licensing Proposal of OPDL is based on P3P’s privacy policy format • The main modification is adding security considerations to a proposal • The requester’s security policy, risk assessment and controls against the risks can be provided • The requester can be certified by a certification organization (e.g., based on BS 7799 / ISO 17799) • A TCSEC-like tag can be used to state the requester’s security level

  13. Example Licensing Proposal

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<PROPOSAL ID="f3eb4bc166">
  <POLICY name="Test Proposal" discuri="http://exampleshop/privacypolicy.html">
    <ENTITY>
      <DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP>
    </ENTITY>
    <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html"
                     risks="http://exampleshop/risks.html"
                     controls="http://exampleshop/controls.html">
      <POLICY-TAG><MANDATORY /></POLICY-TAG>
    </SECURITY-POLICY>
    <DISPUTES-GROUP>
      <DISPUTES service="Trust Certification Organization"></DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><pseudo-analysis></pseudo-analysis></PURPOSE>
      <RETENTION><indefinitely></indefinitely></RETENTION>
      <DATA-GROUP><DATA ref="#user.name.nickname"></DATA></DATA-GROUP>
    </STATEMENT>
  </POLICY>
  <SIGNATURE algorithm="DSA">MCwCFEC6jCCVmJoU/MNVLgkbOSHxTO8QAhRld6MRdFpi9MvtzD/f91U1aNC81g==</SIGNATURE>
</PROPOSAL>
```

The slide’s call-outs on this proposal: • The requester of the proposal: the `<ENTITY>` element (`#business.name` = Example Enterprise) • The requester’s security policy: `<SECURITY-POLICY>`, linking to the security policy, the risk assessment (`risks`) and the controls against those risks (`controls`), plus the TCSEC-like `<POLICY-TAG>` (here `<MANDATORY />`) • Which organization certifies the requester: `<DISPUTES-GROUP>` / `<DISPUTES service="Trust Certification Organization">` • Data requested: the `<STATEMENT>` (purpose `pseudo-analysis`, retention `indefinitely`, data element `#user.name.nickname`) • The requester’s DSA signature over the proposal in `<SIGNATURE>`


  15. Proposal Processing • The PDL processes a proposal according to the data subject’s preferences • The preferences are based on APPEL. Each preference rule contains the following components: • The action taken when the rule matches • The rule’s target • Which data the rule applies to • Which requester the rule applies to • The certification requirement • The security-level requirement • Constraints on purposes • Constraints on retention policies
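To make the rule components on slide 15 concrete against a proposal laid out as on slide 13, the following Python is an added example and not the authors’ PDL implementation. It parses a constructed proposal modelled on the slide 13 document and decides, data element by data element, whether a set of APPEL-like rules lets the request through. The rule field names, APPEL’s first-match order with a deny-by-default fallback, the ranking of the TCSEC-like tags (NONE < DISCRETIONARY < MANDATORY < VERIFIED, after TCSEC’s D/C/B/A divisions) and the sample `RULES` are all assumptions of this example; verifying the proposal’s DSA signature is a separate step not shown here.

```python
"""OPDL proposal processing (slides 13 and 15): parse a licensing proposal and
evaluate it against APPEL-like preference rules.  Added example, not the
authors' PDL code.  Assumed: rule field names, first-match order with a
deny-by-default fallback, and the ranking of the TCSEC-like <POLICY-TAG>
values.  Checking the proposal's signature is out of scope here."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed ranking after TCSEC's D/C/B/A divisions; an unknown or missing
# tag ranks lowest so it never satisfies a minimum-level requirement.
SECURITY_LEVELS = {"NONE": 0, "DISCRETIONARY": 1, "MANDATORY": 2, "VERIFIED": 3}

# Constructed proposal modelled on slide 13 (signature element omitted).
PROPOSAL_XML = """<PROPOSAL ID="f3eb4bc166">
 <POLICY name="Test Proposal" discuri="http://exampleshop/privacypolicy.html">
  <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
  <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html"
   risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html">
   <POLICY-TAG><MANDATORY/></POLICY-TAG></SECURITY-POLICY>
  <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"/></DISPUTES-GROUP>
  <STATEMENT><PURPOSE><pseudo-analysis/></PURPOSE><RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.name.nickname"/></DATA-GROUP></STATEMENT>
 </POLICY>
</PROPOSAL>"""

@dataclass
class Statement:
    purposes: list      # child tags of <PURPOSE>
    retention: str      # child tag of <RETENTION>
    data_refs: list     # ref attributes of the <DATA> elements

@dataclass
class Proposal:
    id: str
    entity: str         # requester, from <ENTITY>
    security_tag: str   # TCSEC-like tag from <POLICY-TAG>
    certifier: str      # certifying organization from <DISPUTES service>
    statements: list

def _child_tags(el):
    return [c.tag for c in el] if el is not None else []

def parse_proposal(xml_text):
    root = ET.fromstring(xml_text)
    policy = root.find("POLICY")
    tag = policy.find("SECURITY-POLICY/POLICY-TAG/*")
    disputes = policy.find("DISPUTES-GROUP/DISPUTES")
    statements = []
    for st in policy.findall("STATEMENT"):
        retention = _child_tags(st.find("RETENTION"))
        statements.append(Statement(_child_tags(st.find("PURPOSE")),
                                    retention[0] if retention else "unspecified",
                                    [d.get("ref") for d in st.findall("DATA-GROUP/DATA")]))
    return Proposal(root.get("ID"),
                    (policy.findtext("ENTITY/DATA-GROUP/DATA") or "").strip(),
                    tag.tag if tag is not None else "NONE",
                    disputes.get("service") if disputes is not None else None,
                    statements)

@dataclass
class Rule:
    """One preference rule with the slide 15 components; None = unconstrained."""
    action: str                 # APPEL behaviours: "request", "limited", "block"
    data: set                   # data refs the rule targets; {"*"} = any
    entity: str = None          # which requester the rule applies to
    certifier: str = None       # required certification organization
    min_security: str = "NONE"  # required minimum <POLICY-TAG> level
    purposes: set = None        # purposes the proposal may state
    retention: set = None       # retention values the proposal may state

def rule_matches(rule, proposal, stmt, ref):
    """True when every constraint the rule states holds for this data element."""
    return (("*" in rule.data or ref in rule.data)
            and (rule.entity is None or rule.entity == proposal.entity)
            and (rule.certifier is None or rule.certifier == proposal.certifier)
            and SECURITY_LEVELS.get(proposal.security_tag, 0) >= SECURITY_LEVELS[rule.min_security]
            and (rule.purposes is None or set(stmt.purposes) <= rule.purposes)
            and (rule.retention is None or stmt.retention in rule.retention))

def evaluate(proposal, rules):
    """Map each requested data ref to an action.  The first matching rule wins,
    as in APPEL; a data element that no rule covers is blocked (deny by default)."""
    decisions = {}
    for stmt in proposal.statements:
        for ref in stmt.data_refs:
            decisions[ref] = next((r.action for r in rules
                                   if rule_matches(r, proposal, stmt, ref)), "block")
    return decisions

# Constructed preferences of a cautious data subject (an assumption of this example).
RULES = [
    # Nickname may go to a certified requester at MANDATORY or better, for the
    # listed purposes only; indefinite retention of a nickname is acceptable.
    Rule("request", {"#user.name.nickname"}, certifier="Trust Certification Organization",
         min_security="MANDATORY", purposes={"pseudo-analysis", "current"}),
    # Anything else is released only in limited form, and only if the requester
    # keeps it no longer than the stated purpose requires.
    Rule("limited", {"*"}, retention={"no-retention", "stated-purpose"}),
]
```

With these rules the slide 13 proposal is accepted (`request`) because the requester is certified, carries the `MANDATORY` tag and asks for the nickname only for pseudonymous analysis; the same proposal with a `telemarketing` purpose, or with a weaker `DISCRETIONARY` tag, falls through every rule and is blocked. Deny-by-default is the important design choice: a data element that no preference rule addresses is never released just because the user forgot to write a rule for it.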

  16. Flow Chart of Proposal Processing (figure)


  18. User Notification (figure)


  20. License Issuing • A decomposable license format is used: • An auditing or gate-keeping mechanism may need only part of a license. • If a person wishes to update some part of an issued license, only the affected parts are replaced and re-signed instead of reissuing the whole license.

  21. An Example of a License

```xml
<?xml version="1.0" encoding="UTF-8"?>
<LICENSE>
  <LICENSE-HEADER>
    <LICENSER>
      <NAME>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</NAME>
      <CERT-ISSUER>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</CERT-ISSUER>
      <CERT-SERIAL>1042957664</CERT-SERIAL>
    </LICENSER>
    <ISSUE-DATE>Sun Mar 16 00:11:22 CST 2003</ISSUE-DATE>
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
    <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html"
                     risks="http://exampleshop/risks.html"
                     controls="http://exampleshop/controls.html">
      <POLICY-TAG><MANDATORY /></POLICY-TAG>
    </SECURITY-POLICY>
    <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP>
  </LICENSE-HEADER>
  <LICENSE-BODY>
    <CLAUSE ID="f3f2731bb9">
      <STATEMENT>
        <CONSEQUENCE>Gender</CONSEQUENCE>
        <PURPOSE><current /><admin /><develop /><customization /></PURPOSE>
        <RETENTION><indefinitely /></RETENTION>
        <DATA-GROUP><DATA ref="#user.gender">Male</DATA></DATA-GROUP>
      </STATEMENT>
      <SIGNATURE algorithm="DSA">MCwCFBZYtH/xneRtEgVVjdCBCypfeWCVAhRWH8jm1xvETkYSfrrHNPpma2t9Uw==</SIGNATURE>
    </CLAUSE>
    <CLAUSE ID="f3f2731bd8">
      <STATEMENT>
        <CONSEQUENCE>Jobtitle</CONSEQUENCE>
        <PURPOSE><develop /><customization /><tailoring /></PURPOSE>
        <RETENTION><indefinitely /></RETENTION>
        <DATA-GROUP><DATA ref="#user.jobtitle">Test</DATA></DATA-GROUP>
      </STATEMENT>
      <SIGNATURE algorithm="DSA">MC0CFCoA678dpmVlEaNnBwPfBmoDPmKYAhUAgrEg3BoVKiZVsWcx1Fo1dSOUUmU=</SIGNATURE>
    </CLAUSE>
  </LICENSE-BODY>
</LICENSE>
```

The slide marks three parts: the Header (`<LICENSE-HEADER>`: the licenser’s certificate subject, issuer and serial, the issue date, and the requester’s entity, security policy and certifier carried over from the proposal), Clause 1 (`#user.gender`) and Clause 2 (`#user.jobtitle`). Each clause carries its own DSA signature, so it can be checked or replaced independently of the others.
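As an added illustration of slides 20 and 21 (not code from the authors or their prototype), the Python below builds a license in the slide 21 layout, signs each clause separately, hands a gatekeeper just the header plus one clause, amends a single clause without touching the other clauses’ signatures, and shows tampering with a clause or with the header being detected. The page signs with DSA under the licenser’s certificate; so that this example runs with the standard library alone, HMAC-SHA256 with a key shared with the verifier stands in for DSA. That swap loses the public-key property that lets any third party verify the license, and the canonical byte form being signed is an assumption of this example.

```python
"""Decomposable OPDL license (slides 20 and 21): a header plus clauses that are
signed one by one, so an auditor or gatekeeper can verify a single clause and
the licenser can amend one clause without reissuing the whole license.
Added example, not the authors' code.  Stand-in: the page signs clauses with
DSA under the licenser's certificate; this uses HMAC-SHA256 with a key the
verifier shares, which is not public-key and gives no third-party
verifiability.  The canonical form of the signed bytes is an assumption."""
import copy, hashlib, hmac, json
import xml.etree.ElementTree as ET

# Constructed license skeleton after slide 21; issue() fills in the signatures.
LICENSE_TEMPLATE = """<LICENSE>
 <LICENSE-HEADER>
  <LICENSER><NAME>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</NAME>
   <CERT-ISSUER>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</CERT-ISSUER>
   <CERT-SERIAL>1042957664</CERT-SERIAL></LICENSER>
  <ISSUE-DATE>Sun Mar 16 00:11:22 CST 2003</ISSUE-DATE>
  <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
 </LICENSE-HEADER>
 <LICENSE-BODY>
  <CLAUSE ID="f3f2731bb9"><STATEMENT><CONSEQUENCE>Gender</CONSEQUENCE>
   <PURPOSE><current/><admin/><develop/><customization/></PURPOSE>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.gender">Male</DATA></DATA-GROUP></STATEMENT>
   <SIGNATURE algorithm="HMAC-SHA256"/></CLAUSE>
  <CLAUSE ID="f3f2731bd8"><STATEMENT><CONSEQUENCE>Jobtitle</CONSEQUENCE>
   <PURPOSE><develop/><customization/><tailoring/></PURPOSE>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.jobtitle">Test</DATA></DATA-GROUP></STATEMENT>
   <SIGNATURE algorithm="HMAC-SHA256"/></CLAUSE>
 </LICENSE-BODY>
</LICENSE>"""

def _tags(el):
    return sorted(c.tag for c in el) if el is not None else []

def signed_bytes(header, clause):
    """Canonical bytes a clause signature covers.  The licenser identity and the
    requester from the header are included so a signed clause cannot be
    transplanted into another license (assumed canonical form)."""
    st = clause.find("STATEMENT")
    return json.dumps({
        "licenser": header.findtext("LICENSER/NAME"),
        "cert_serial": header.findtext("LICENSER/CERT-SERIAL"),
        "issued": header.findtext("ISSUE-DATE"),
        "requester": header.findtext("ENTITY/DATA-GROUP/DATA"),
        "clause": clause.get("ID"),
        "consequence": st.findtext("CONSEQUENCE"),
        "purposes": _tags(st.find("PURPOSE")),
        "retention": _tags(st.find("RETENTION")),
        "data": [[d.get("ref"), d.text] for d in st.findall("DATA-GROUP/DATA")],
    }, sort_keys=True, separators=(",", ":")).encode()

def sign_clause(key, header, clause):
    return hmac.new(key, signed_bytes(header, clause), hashlib.sha256).hexdigest()

def verify_clause(key, header, clause):
    sig = clause.findtext("SIGNATURE") or ""
    return hmac.compare_digest(sig, sign_clause(key, header, clause))

def issue(key, template_xml):
    """Sign every clause against the header and return the license tree."""
    lic = ET.fromstring(template_xml)
    hdr = lic.find("LICENSE-HEADER")
    for clause in lic.iter("CLAUSE"):
        clause.find("SIGNATURE").text = sign_clause(key, hdr, clause)
    return lic

def verify_all(key, lic):
    """Clause ID -> whether its signature still matches header + statement."""
    hdr = lic.find("LICENSE-HEADER")
    return {c.get("ID"): verify_clause(key, hdr, c) for c in lic.iter("CLAUSE")}

def extract(lic, clause_id):
    """Header plus one clause: all a gatekeeper needs to check that one use of
    one data element is licensed, without seeing the other clauses."""
    part = ET.Element("LICENSE")
    part.append(copy.deepcopy(lic.find("LICENSE-HEADER")))
    body = ET.SubElement(part, "LICENSE-BODY")
    for c in lic.iter("CLAUSE"):
        if c.get("ID") == clause_id:
            body.append(copy.deepcopy(c))
    return part

def amend(key, lic, clause_id, purposes):
    """Replace one clause's purpose list and re-sign only that clause; the other
    clauses' signatures are untouched, so no full reissue is needed."""
    hdr = lic.find("LICENSE-HEADER")
    clause = lic.find(f".//CLAUSE[@ID='{clause_id}']")
    if clause is None:
        raise KeyError(clause_id)
    purpose_el = clause.find("STATEMENT/PURPOSE")
    for old in list(purpose_el):
        purpose_el.remove(old)
    for name in purposes:
        ET.SubElement(purpose_el, name)
    clause.find("SIGNATURE").text = sign_clause(key, hdr, clause)
    return clause
```

Binding each clause signature to the header fields is what makes the decomposition safe: a gatekeeper that receives only `extract(lic, id)` can still tell whether the clause belongs to this licenser and this requester, and a clause lifted from a different license, or a header whose requester has been edited, fails verification even though the clause body itself is intact.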

  22. Conclusions • OPDL requires service providers to obtain licenses before collecting, processing and using their users’ data • Compared to P3P, OPDL not only lets individuals know the privacy practices of a Web site, but also enforces those practices • OPDL brings control of personal data back to the owner of the data • OPDL licenses can provide the same evidential value as written consent

  23. Questions? Contact information: csc@mba.ntu.edu.tw http://www.mba.ntu.edu.tw/~csc/

  24. Suggested Future Work • Legislation requirements • Extending the concept to other settings (because the Internet is not the only channel through which an enterprise can collect personal data) • Interface design • A more complex negotiation model (e.g., to enable a person to “sell” his/her personal data)

  25. Appendix: The Role of OPDL in Misuse Regulation
