These notes summarize a discussion on technology requirements for privacy at the IBM Almaden Institute 2003. Explore issues such as managing data use, trust relationships, transparency, incentives, and more in the context of individual, organizational, government, and societal privacy and security concerns. Learn about traditional and modern topics, primary and secondary data use, mechanisms for enforcement, incentives, and the human factor in privacy and security.
Privacy and Security
Lowell Meeting
Joe Hellerstein
These notes are based on prior discussion
• IBM Almaden Institute 2003: Privacy
• Organizer: Rakesh Agrawal
• These notes resulted from a group discussion I led: “Technology requirements for privacy.”
• Many participants, including computer scientists, government officials, product managers
• Distillation is my own
• I should be blamed for errors, misrepresentations, etc.
Whose Privacy? Whose Security?
• Individual
• Organization (corporation, library, school)
• Government
• Society
Traditional Topics & Today
• Access control
• Views (need-to-know)
• Roles, not individuals
• Etc.
• Now mix in:
  • Serious adversaries (pass the bit tweezers)
  • Large timescales
  • Scale
    • # of people: every person now has rights and access
    • # of info-gatherers (people and “sensors”)
    • Cross-source data integration: 1+1 >> 2!!
  • Amount that people care
Some issues
• Managing Data Use
• Trust Relationships
• Transparency
• Incentives
• Mechanisms
• Goals/metrics
Primary & Secondary Use
• Examples
  • The Prozac fiasco
  • Cameras at traffic lights
• Specification of purpose for which data is collected
• Mechanisms for enforcement of primary use?
Trust & Relationships
• Two sorts of trust
  • Policy adherence trust (enforceable/checkable?)
  • Relationship trust with the data recipient
    • May be only loosely related to policy adherence
• Change in relationships can occur between data provider and data recipient
  • E.g. recipient participates in a merger/acquisition
  • Effects on policy adherence
  • Effects on desirability of the relationship
Transparency
• Of use
  • Policy crisp and comprehensible? (not P3P!)
• Of disclosure
  • You should be able to know what information you give out
  • E.g. unclear whether the magstripe on your driver’s license has the same info as the text
• Of extraction
  • How do I know what info is extracted, and whether it’s extracted faithfully?
  • E.g. swiping my driver’s license proves I’m >21, but swiping it also can time- and location-stamp me
  • Does the voting booth correctly record/transmit my vote?
• Of data destruction
  • Impossible to ensure?
Incentives
• Economic mechanisms?
• Graduated, not Boolean (opt-in/out) settings?
• Privacy is not a fungible good
  • My privacy is more important to me than to you, and vice versa
• The costs of privacy
  • Dollar costs?
    • E.g. black market value of identity today (assertion: $60 per capita). Value chain that follows?
  • Frictional costs to doing business
  • Cost vs. usability
    • E.g. unsafe human rights environments
Mechanisms
• Authorization vs. Accountability
  • I.e. “enforcement” in the CS sense vs. the police sense
  • Accountability scales better?
• Graceful degradation?
  • Single point of failure = total leak forever?
  • Erasure rather than leakage?
• The human factor
  • Human leaks
  • Key management
• Long timescales?
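The two questions the notes leave open, how primary use could be enforced (Primary & Secondary Use) and how authorization differs from accountability (Mechanisms), can be made concrete in a few lines. The following is an added Python example, not code from the meeting or its participants. It assumes a simple in-memory store in which every record carries the purpose disclosed at collection and a retention period; the subjects, values, purpose names and retention periods are constructed sample data.

```python
"""Purpose-bound data access with an audit trail and retention-based erasure.

Added example, not from the meeting notes. Each record carries the purpose stated
to the subject when it was collected; a request must name a purpose and only
records collected for that purpose are returned (authorization: "enforcement" in
the CS sense). Every request, allowed or refused, is appended to an audit log so
that secondary-use attempts can be reviewed later (accountability: the police
sense). Records past their retention period stop being usable and are erased.
All names, values and retention periods below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Record:
    subject: str          # whose data this is
    value: str
    purpose: str          # purpose disclosed at collection time
    collected_at: datetime
    retention: timedelta  # how long primary use is permitted


@dataclass(frozen=True)
class AuditEntry:
    when: datetime
    requester: str
    subject: str
    purpose: str
    decision: str         # "allow", "deny:purpose", "deny:expired" or "deny:none"


class PurposeBoundStore:
    def __init__(self) -> None:
        self._records: list[Record] = []
        self.audit: list[AuditEntry] = []

    def collect(self, record: Record) -> None:
        self._records.append(record)

    def _live(self, subject: str, now: datetime) -> list[Record]:
        # Records whose retention period has not yet elapsed.
        return [r for r in self._records
                if r.subject == subject and now - r.collected_at <= r.retention]

    def access(self, requester: str, subject: str, purpose: str, now: datetime) -> list[str]:
        """Return the values of `subject`'s records that may be used for `purpose`.

        The decision is logged whether or not anything is returned, so the log
        is the accountability record even where authorization already refused.
        """
        held = [r for r in self._records if r.subject == subject]
        live = self._live(subject, now)
        usable = [r.value for r in live if r.purpose == purpose]
        if usable:
            decision = "allow"
        elif live:
            decision = "deny:purpose"   # data exists, but was collected for another purpose
        elif held:
            decision = "deny:expired"   # data exists, but retention has run out
        else:
            decision = "deny:none"
        self.audit.append(AuditEntry(now, requester, subject, purpose, decision))
        return usable

    def erase_expired(self, now: datetime) -> int:
        """Drop records past retention; returns how many were erased."""
        keep = [r for r in self._records if now - r.collected_at <= r.retention]
        erased = len(self._records) - len(keep)
        self._records = keep
        return erased

    def record_count(self) -> int:
        return len(self._records)

    def secondary_use_attempts(self) -> list[tuple[str, str, str]]:
        """Accountability view: requests for data under a purpose it was not collected for."""
        return [(e.requester, e.subject, e.purpose)
                for e in self.audit if e.decision == "deny:purpose"]


def demo() -> dict:
    t0 = datetime(2003, 6, 1)
    store = PurposeBoundStore()
    # Constructed sample: an address collected to ship an order, kept 90 days.
    store.collect(Record("alice", "12 Sample St", "order-fulfilment", t0, timedelta(days=90)))
    # Constructed sample: a prescription record collected for dispensing, kept a year.
    store.collect(Record("bob", "rx-0001", "dispensing", t0, timedelta(days=365)))

    result = {}
    # Primary use: the shipping service asks under the purpose the data was collected for.
    result["primary"] = store.access("shipping-svc", "alice", "order-fulfilment", t0 + timedelta(days=1))
    # Secondary use: marketing asks for the same data under a different purpose.
    result["secondary"] = store.access("marketing-team", "alice", "marketing", t0 + timedelta(days=1))
    # After retention has elapsed even the primary purpose is refused ...
    store.access("shipping-svc", "alice", "order-fulfilment", t0 + timedelta(days=100))
    result["after_retention"] = store.audit[-1].decision
    # ... and the record is erased rather than left around to leak.
    result["erased"] = store.erase_expired(t0 + timedelta(days=100))
    result["remaining"] = store.record_count()
    result["attempts"] = store.secondary_use_attempts()
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The authorization path (the purpose and retention checks) stops misuse before it happens but needs every access to go through this one chokepoint; the accountability path (the audit list) costs almost nothing per access and still answers "who asked for what, under which purpose" after the fact, which is the sense in which accountability may scale better. Erasing expired records also bounds what a compromise of the store can leak, rather than leaving every record ever collected exposed indefinitely.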
Goals & Metrics
• Store my data forever?
  • Not necessarily!
• Enforce my policy forever?
  • Not necessarily!
• Ease of use!
  • But how?
• Problem statements here are very tricky.
One Framework for Discussion
Target “User” | Technical Approaches (by analogy to the real world)