Transcript of The Economics of Surveillance Workshop, Web Science 2015 Privacy By Obfuscation With Personal Data...
- Slide 1
- The Economics of Surveillance Workshop, Web Science 2015.
Privacy By Obfuscation With Personal Data Management Architectures.
Dave Murray-Rust (1), Kieron O'Hara (2), Marion Oswald (3), Max Van Kleek
(2) & Nigel Shadbolt (2). (1) School of Informatics, University of
Edinburgh; (2) Electronics and Computer Science, University of
Southampton; (3) Centre for Information Rights, University of
Winchester
- Slide 2
- From Action to Data. We are categorised without control: boyd
(context collapse); Lyon (leaky containers); Althusser/Butler
(interpellation); Nissenbaum (contextual integrity). One defence
mechanism: Stirner, the heroism of the lie
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Presented this morning!
- Slide 10
- Do people (still) lie online? Why and how often? Do people
(still) use false identities online? Do people lie on some social
machines more than others? Why? How do people feel about these
actions?
- Slide 11
- How often do you tell lies on social media? (Scale: never to often;
N=387)
- Slide 12
- playup, privacy, yes, conform, playdown, soceng, mitigate, creative,
safety, coherence, explore
- Slide 13
- privacy (N=17): "On fetish sites, I will lie about my birthday
(displacing my age by a few months to a year in the process) and my
hometown, making my identity there harder to connect to my real
identity." (p461) "Age and place of residence once, I did not want
people to link my account on a website to me." (p102) identity
linkage: "not really, even on my 'anonymous', NSFW, Twitter account I
don't lie, it's more just withholding information that would reveal
my identity" (p464)
- Slide 14
- conform (N=9): "The major untruth I tell is pretending to be a man
rather than a woman on YouTube - I know it's bad and not helping the
cause, but I know that if I want to convince someone of a particular
point, if I pretend to be a man my sayings won't be regarded through
the bias of my gender, while if I say opinions (completely
disconnected from gender issues) as a woman, it will probably be the
1st thing my opponents will use in a debate." (p301) "I have
pretended to be in favour of certain political/social movements to
protect myself from harassment." (p60)
- Slide 15
- spy - protection against information misuse by platforms that
require the information, distrust of these platforms. "Whenever my
real name is not required, I give a false name. More than hiding my
identity, it is a way (although quite possibly insufficient) to
prevent such platforms from connecting together my different
identities, and then jumping to conclusions I did not ask them to
make." (p500) "I use pseudonyms for some websites that require
details for example email addresses and in the terms and conditions
it states that it will give your details to third parties, as I do
not want spam and phishing emails or any third parties to have my
name and contact details for security reasons." (p425)
- Slide 16
- Current approach to "Big Data": 1. Harvest data from users; 2.
Consolidate data into large databases; 3. Run analytics to derive
insight. Decouples people from their own data; facilitates abuse, use
in unintended purposes and irresponsible data handling practices;
reduces trust, increases fear by individuals; makes them less
open
- Slide 17
- Current approach to "Big Data": 1. Harvest data from users; 2.
Consolidate data into large databases; 3. Run analytics to derive
insight. Decoupling people from their own data: facilitates abuse,
use in unintended purposes and irresponsible data handling
practices; reduces trust, increases fear by individuals; makes them
less open. Allow people to keep their personal data themselves:
supporting direct distributed query on distributed stores; allow
people to act effectively as controller of their own data;
facilitate accountability and provenance; engage + empower people to
share for mutual benefit
- Slide 18
- identity consolidation and forced verified ID among social
machines and places platforms as central information controllers;
precludes identity partitioning; platform-centralised web
- Slide 19
- Semi-trusted sharing
- Slide 20
- Mediated Data Sharing
- Slide 21
- history of interactions; identity, demographic & social
network data; sensed context. Personal Data Management Architecture
designed to act as privacy & identity assistant: select among
multiple identities to enable separation of activities; generate
contexts appropriate to needs and situation
- Slide 22
- At the centre of each person's ecosystem is their social
personal data management architecture. Re-de-centralised web w/
PDMAs
- Slide 23
- "Who has been near cattle in Shropshire in the past 6 weeks and
is experiencing the following symptoms: nausea, fever, swollen
glands, tiredness?" Answering questions to a trusted party. NHS
Shropshire Trust; signature: 9239898192839983; public key:
b0092301f2903eaa. "Who's asking?" "Oh ok! Here's my encrypted answer"
- Slide 24
- 21st Century Devious Man. But if I have access to my own rich
data (e.g. quantified self), and I have a wider picture via others'
data (e.g. e-commerce), and I control who gets to share it, then I
can use traditional techniques to preserve autonomy: mendacity;
anonymisation/data perturbation
- Slide 25
- Can our devices help us? Murray-Rust, D., van Kleek, M.,
Dragan, L., Shadbolt, N. 2014: Social Palimpsests - clouding the
lens of the personal panopticon. Digital Enlightenment Forum
Yearbook
- Slide 26
- Can our devices help us?
- Slide 27
- The Power of Social
- Slide 28
- Contract & PDMAs. Are terms set by the individual an offer?
Can the offer be accepted using a website? Battle of the forms.
Effect of Consumer Rights Act 2015 on negotiated agreements
- Slide 29
- PDMAs Ts & Cs: 1. The individual decides which organisation
is to receive the data. 2. The individual decides
the period and the purposes for which the other can keep and use
the data. 3. The organisation agrees not to share any of the data
it receives with any third parties without express written
permission from the individual. 4. The data will be stored and
processed by the other in accordance with all laws and regulations
in the individual's country. 5. This agreement shall not be varied
without agreement of the individual. 6. Any data provided by the
individual will be owned by the individual and this includes any
derived data. 7. Right to exit.
- Slide 30
- Ownership of data? 1. Property rights? Who gets to own data?
Ownership v control v partial control. 2. Issues? Politically
unsaleable, risky to public domain, easily signed away [Lemley,
2000]. 3. Service providers using PDS no longer considered as data
controllers? What about PDMAs?
- Slide 31
- Theories and the right to identity: Solove (secrecy paradigm);
Nissenbaum (contextual integrity); Public/Private Dichotomy
- Slide 32
- Obfuscation: criminal offence issues. Fraud & Computer
Misuse. Illicit intentions: fraud, paedophilia, terrorism. Conduct of
the user
- Slide 33
- Obfuscation: "It's all in the contract"* (* David Chalk)
- Slide 34
- A way for the individual to achieve battlefield superiority?
There is potential. Legal/regulatory/jurisdictional challenges. Goes
with the grain of psychology. Letting society off the hook?