1 / 11

Feature Interactions in Policy-Driven Privacy Management

Feature Interactions in Policy-Driven Privacy Management. George Yee Larry Korba Network Computing Group Institute for Information Technology National Research Council Canada {George.Yee, Larry.Korba}@nrc-cnrc.gc.ca www.nrc-cnrc.gc.ca/iit. FIW’03. Contents. Introduction

taniel
Download Presentation

Feature Interactions in Policy-Driven Privacy Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Feature Interactions in Policy-Driven Privacy Management George Yee Larry Korba Network Computing Group Institute for Information Technology National Research Council Canada {George.Yee, Larry.Korba}@nrc-cnrc.gc.ca www.nrc-cnrc.gc.ca/iit FIW’03

  2. Contents • Introduction • Privacy Policies • Privacy Policy Interactions • Preventing Unexpected Bad Outcomes • Conclusions and Future Research FIW’03

  3. Provider Consumer Consumer Consumer Provider Consumer Provider Introduction • Proliferation of e-services • Exchange of privacy policies Policy Exchanges  ? Interactions, ? Outcomes How can the bad outcomes be avoided? • Started with negotiation of privacy policies for e-learning FIW’03

  4. Privacy Policy: E-learning Owner: E-learning Unlimited Who: Any What: name, address, tel Purpose: identification Time: As long as needed Who: Any What: Course Marks Purpose: Records Time: 1 year Privacy Policy: Book Seller Owner: All Books Online Who: Any What: name, address, tel Purpose: identification Time: As long as needed Who: Any What: credit card Purpose: payment Time: until payment complete Privacy Policy: Medical Help Owner: Nursing Online Who: Any What: name, address, tel Purpose: contact Time: As long as needed Who: Any What: medical condition Purpose: treatment Time: 1 year Privacy Policy: E-learning Owner: Alice Consumer Who: Any What: name, address, tel Purpose: identification Time: As long as needed Who: Any What: Course Marks Purpose: Records Time: 2 years Privacy Policy: Book Seller Owner: Alice Consumer Who: Any What: name, address, tel Purpose: identification Time: As long as needed Privacy Policy: Medical Help Owner: Alice Consumer Who: Any What: name, address, tel Purpose: contact Time: As long as needed Who: Dr. Alexander Smith What: medical condition Purpose: treatment Time: As long as needed Privacy Policies • Privacy Principles who, what, purpose, time FIW’03

  5. Policy Exchange Provider PA Consumer CA PP PP Privacy Policy Interactions • Rules of Policy Exchange • Provider wants more private info; consumer wants to give up less private info • Match: privacy(consumer)  privacy(provider), otherwise mismatch • privacy (long time) < privacy (short time) • policy upgrade  more privacy • policy downgrade  less privacy FIW’03

  6. Privacy Policy Interactions • Privacy policy vs. telecom feature • Similarities • Privacy policy: handling of private data, Telecom feature: handling of traffic • Executions • Individual correctness, unexpected outcomes in combination • Differences • Telecom FI: side-effects; Policy FI: normal working • Certainty of unexpected outcomes FIW’03

  7. Privacy Policy Interactions • 1 consumer to 1 provider • Policies match; have service • If match is last of many failed attempts, provider may be less attractive in other criteria • If match after downgrade, may be hidden costs of less privacy • Hidden costs of safeguards • Unexpected outcomes, e.g. Nursing Online • Policies mismatch; no service • Consumer, provider may downgrade their policies • Possible denial of service with very serious consequences, e.g. Nursing Online FIW’03

  8. Provider 1 PA1 CA PP1 PP Consumer CA PA2 Provider 2 PP2 PP Privacy Policy Interactions • 1 consumer to n>1 providers • Policies match for at least 1 provider, have service • Above 1-1 outcomes for match • Consumer may be able to select best provider • Policies mismatch, no service • Above 1-1 outcomes for mismatch • Consumer may downgrade policy to match best provider FIW’03

  9. PA Consumer 1 CA1 PP PP1 Provider CA2 PA Consumer 2 PP PP2 Privacy Policy Interactions • n>1 consumers to 1 provider • Policies match for at least 1 consumer, have service • Above 1-1 outcomes for match • Provider may be able to select best consumer • Policies mismatch, no service • Above 1-1 outcomes for mismatch • Provider may be able to downgrade policy to match best consumer FIW’03

  10. Nursing Online (Provider) Alice (Consumer) OK if a nurse on our staff sees your medical condition? No, only Dr. Alexander Smith can see my medical condition. We cannot provide you with any nursing service unless we know your medical condition. OK, I’ll see Dr. Smith instead. You are putting yourself at risk. What if you need emergency medical help for your condition and Dr. Smith is not available? You are right. Do you have any doctors on staff? Yes, we always have doctors on call. OK to allow them to know your medical condition? That is acceptable. Preventing Unexpected Bad Outcomes • Consumer and provider agents negotiate privacy policies to mitigate or eliminate bad outcomes • Reduce number of mismatches • Force consideration of policy implications FIW’03

  11. Conclusions and Future Research • Privacy policies may be expressed in terms of who, what, purpose, and time • Agent proxies for consumers and providers exchange and compare privacy policies prior to service initiation • Such exchanges can lead to unexpected interaction outcomes with negative consequences • Rather than simple matching, privacy policies need to be negotiated, reducing or eliminating harmful interaction outcomes • Future research: • Policies can change over time  revisit agreed policies? • Other methods in conjunction with negotiation? • Experiment with privacy negotiation prototype FIW’03

More Related