Group D Privacy with accountability, auditability and transparency.
Transcript of Group D Privacy with accountability, auditability and transparency.
Group D
Privacy with accountability, auditability and transparency
Accountability, auditability and transparency in service of Privacy
18 Nov 2003 3
Grand Challenge Statement
Develop technologies that allow individuals, governments and organizations to control the release and use of information according to flexible and understandable policies.
Motivating Scenario
• It will soon be possible to determine an individual’s complete genome
• Terrific benefits:
  – Customized medical treatments
  – Knowledge of predisposition for diseases
  – Aid medical research
• Terrific risk of abuse:
  – Unauthorized use by insurance, employers, law enforcement
Enabling Assumptions
1. There will be semi-trusted computing platforms (can provide a program to a machine and believe it will execute it only as intended).
2. Legal mechanisms will be in place to sufficiently deter misuse.
3. Perfect encryption primitives are available.
We don’t believe any of these exist yet…but close enough approximations do.
Policy Questions
• Who should set the policies?
  – Individuals: change balance of power
    • It shouldn’t be up to individuals to understand and agree to a service’s privacy policy
    • Instead, individuals provide data in a way that enforces their policies, and the service decides what service to provide
  – Society: the “owner” is not the only one impacted
    • Releasing my genome also releases information about my sister, parents, etc.
    • Society may deserve to know about criminal records, infectious diseases, etc.
Non-technical issues, but technology must be able to support the range of desired policies.
Policy Questions
• How do you express and reason about policies?
  – Average users need to understand what policies allow and disallow, and select (maybe define) policies that reflect their intent
  – Privacy policies are complex: release of information, history, location (jurisdiction), remnants, independence
  – Transfers between programs and organizations
Design languages for defining policies, tools for reasoning about what policies allow, models for presenting policies that are understandable
Accountability
• Need workarounds: a doctor in a foreign country should be able to get the medical history of an unconscious patient
• Auditability: policies can specify that information is only released if an audit record is produced
  – Privacy of the requestor may conflict with policy
• Policies can relate information release and use to the accountability of the user: credentials expand accountability, laws in the user’s jurisdiction
Enforcement
• Control for release and use of data has to be part of the data itself
  – Programs that release information according to a policy (DRM-like)
• Constrain the use of that information after it is released to one program, but not yet to another (or a human)
• Revocation: if there is a mistake, can we retrieve all information derived from the bad data?
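The Accountability and Enforcement slides describe the mechanism only in outline. The following Python sketch is an added illustration, not code from the workshop or from any project, of how those points fit together: each record carries its own release policy, a release that requires an audit record fails closed when no audit record can be written, a requester’s credentials expand what may be released to them, the audit log is hash-chained so that a deleted or altered entry is detectable, and lineage tracking lets a revocation find every record derived from bad data. The names (Policy, PolicyStore, chain_hash, the patient and requester identities, the credential strings) and all data values are constructed for the example.

```python
# Constructed example for the Accountability and Enforcement slides; not code from the
# workshop. Every name, credential and data value below is invented for illustration.
import hashlib, json
from collections import namedtuple
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    allowed_purposes: frozenset       # e.g. {"treatment", "research"}
    required_credentials: frozenset   # credentials that expand the requester's accountability
    audit_required: bool = True       # release only if an audit record is produced

@dataclass
class Record:
    record_id: str
    subject: str                      # whose data this is
    payload: dict
    policy: Policy                    # the policy travels with the data it governs
    derived_from: tuple = ()          # lineage, consulted on revocation

Requester = namedtuple("Requester", "identity credentials jurisdiction")  # jurisdiction's laws bind the requester

def chain_hash(prev: str, event: dict) -> str:
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only, hash-chained log: editing or deleting an entry breaks verify()."""
    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "event": event, "hash": chain_hash(prev, event)})
        return self.entries[-1]["hash"]

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != chain_hash(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True

class PolicyStore:
    """Holds records and enforces each record's own policy on every release."""
    def __init__(self, records, audit):
        self.records = {rec.record_id: rec for rec in records}
        self.audit = audit            # None models a deployment with no audit facility
        self.revoked = set()

    def release(self, record_id: str, requester, purpose: str) -> dict:
        rec = self.records[record_id]
        if record_id in self.revoked:
            raise PermissionError("record revoked")
        if purpose not in rec.policy.allowed_purposes:
            raise PermissionError(f"purpose {purpose!r} not allowed")
        missing = rec.policy.required_credentials - requester.credentials
        if missing:
            raise PermissionError(f"missing credentials: {sorted(missing)}")
        if rec.policy.audit_required:  # the audit record is a precondition, not a side effect
            if self.audit is None:
                raise PermissionError("policy requires an audit record and none can be produced")
            self.audit.append({"record": record_id, "subject": rec.subject, "purpose": purpose,
                               "requester": requester.identity, "jurisdiction": requester.jurisdiction})
        return dict(rec.payload)

    def revoke(self, record_id: str) -> set:
        """Revoke a record and, transitively, everything derived from it."""
        affected = {record_id}
        while True:                   # fixed point over the lineage graph
            more = {r.record_id for r in self.records.values() if set(r.derived_from) & affected}
            if more <= affected:
                break
            affected |= more
        self.revoked |= affected
        return affected

def try_release(store, record_id, requester, purpose):
    try:
        return store.release(record_id, requester, purpose)
    except PermissionError as exc:
        return f"denied: {exc}"

def demo():
    # genome record released only for treatment, only to a licensed physician, only with audit
    policy = Policy(frozenset({"treatment"}), frozenset({"licensed_physician"}))
    store = PolicyStore([Record("g1", "patient-42", {"variant": "constructed-value"}, policy),
                         Record("r1", "patient-42", {"risk": "elevated"}, policy, ("g1",)),
                         Record("r2", "patient-42", {"plan": "screening"}, policy, ("r1",))], AuditLog())
    doctor = Requester("dr-lee", frozenset({"licensed_physician"}), "FR")   # the foreign doctor
    insurer = Requester("acme-ins", frozenset(), "US")
    results = {"doctor_treatment": try_release(store, "g1", doctor, "treatment"),
               "insurer_treatment": try_release(store, "g1", insurer, "treatment"),
               "doctor_underwriting": try_release(store, "g1", doctor, "underwriting"),
               "revoked_by_g1": store.revoke("g1")}   # lineage pulls in r1 and r2
    results["doctor_after_revocation"] = try_release(store, "g1", doctor, "treatment")
    results["audit"] = (len(store.audit.entries), store.audit.verify())
    return results
```

Two points from the slides show up directly in this model. The audit entry is written before the payload is returned, so the rule “only released if an audit record is produced” cannot be bypassed by a missing or failing log; and that entry necessarily names the requester, which is exactly the tension with requester privacy the Accountability slide notes.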
Timeline (Now → 3 years → 5 years → 7 years)
Enforcement: Control Release → Control Use → Revocation
Policies: Understandable Release Policies for Individuals → Policies that vary with Accountability, Society-level policies → Policies that depend on jurisdiction, revocation policies
Impact
Success criterion:
People are willing to provide their genome to medical databases in a way that enables customized treatments and medical research, without fear that it will be abused.
Recap: Challenge Statement
Develop technologies that allow individuals, governments and organizations to control the release and use of information according to flexible and understandable policies.