Slide 1

The Economics of Surveillance Workshop, Web Science 2015 Privacy By Obfuscation With Personal Data Management Architectures Dave Murray-Rust 1, Kieron OHara 2, Marion Oswald 3, Max Van Kleek 2 & Nigel Shadbolt 2 1 School of Informatics, University of Edinburgh 2 Electronics and Computer Science, University of Southampton 3 Centre for Information Rights, University of Winchester

Slide 2

From Action to Data We are categorised without control boyd context collapse Lyon leaky containers Althusser/Butler interpellation Nissenbaum contextual integrity One defence mechanism Stirner the heroism of the lie

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Presented this morning!

Slide 10

do people (still) lie online? why and how often? do people (still) use false identities online? do people lie on some social machines more than others? why? how do people feel about these actions/

Slide 11

How often do you tell lies on social media? never often N=387

Slide 12

playup privacy yes conform playdown soceng mitigate creative safety coherence explore

Slide 13

privacy (N=17) On fetish sites, I will lie about my birthday (displacing my age by a few months to a year in the process) and my hometown, making my identity there harder to connect to my real identity. (p461) Age and place of residence once, i did not want people to link my account on a website to me. (p102) identity linkage not really, even on my "anonymous", NSFW, twitter account I don't lie, it's more just withholding information that would reveal my identity (p464)

Slide 14

The major untruth I tell is pretending to be a man rather than a woman on YouTube - I know its bad and not helping the cause, but I know that if I want to convince someone of a particular point, if I pretend to be a man my sayings wont be regarded through the bias of my gender, while if I say opinions (completely disconnected from gender issues) as a woman, it will probably be the 1st thing my opponents will use in a debate. (p301) conform (N=9) i have pretended to be in favour of certain political/social movements to protect myself from harassment. (p60)

Slide 15

spy - protection against information misuse by platforms that require the information, distrust of these platforms Whenever my real name is not required, I give a false name. More than hiding my identity, it is a way (although quite possibly insufficient) to prevent such platforms from connecting together my different identities, and then jumping to conclusions I did not ask them to make. (p500) I use pseudonyms for some websites that require details for example email addresses and in the terms and conditions it states that it will give your details to third parties, as I do not want spam and phishing emails or any third parties to have my name and contact details for security reasons. (p425)

Slide 16

Current approach to "Big Data": 1. Harvest data from users 2. Consolidate data into large databases 3. Run analytics to derive insight decouples people from their own data facilitates abuse, use in unintended purposes and irresponsible data handling practices reduces trust, increases fear by individuals makes them less open

Slide 17

Current approach to "Big Data": 1. Harvest data from users 2. Consolidate data into large databases 3. Run analytics to derive insight decoupling people from their own data facilitates abuse, use in unintended purposes and irresponsible data handling practices reduces trust, increases fear by individuals makes them less open allow people to keep their personal data themselves Supporting direct distributed query on distributed stores allow people to act effectively as controller of their own data facilitate accountability and provenance engage + empower people to share for mutual benefit

Slide 18

identity consolidation and forced verified ID among social machines and places platforms as central information controllers precludes identity partitioning platform- centralised web

Slide 19

Semi-trusted sharing

Slide 20

Mediated Data Sharing

Slide 21

history of interactions identity, demographic & social network data sensed context Personal Data Management Architecture designed to act as privacy & identity assistant select among multiple identities to enable separation of activities generate contexts appropriate to needs and situation

Slide 22

v v at the centre of each persons ecosystem is their social personal data management architecture re-de-centralised web w/ PDMAs

Slide 23

Who has been near cattle in Shropshire in the past 6 weeks and is experiencing the following symptoms: nausea, fever, swollen glands, tiredness? answering questions to a trusted party NHS Shropshire Trust signature: 9239898192839983 public key: b0092301f2903eaa whos asking? oh ok! heres my encrypted answer

Slide 24

21 st Century Devious Man But if I have access to my own rich data (e.g. quantified self) And I have a wider picture via others data (e.g. e-commerce) And I control who gets to share it Then I can use traditional techniques to preserve autonomy Mendacity Anonymisation/data perturbation

Slide 25

Can our devices help us? Murray-Rust, D., van Kleek, M., Dragan, L., Shadbolt, N. 2014: Social Palimpsests - clouding the lens of the personal panopticon. Digital Enlightenment Forum Yearbook

Slide 26

Can our devices help us?

Slide 27

The Power of Social

Slide 28

Contract & PDMAs Are terms set by the individual an offer? Can the offer be accepted using a website? Battle of the forms Effect of Consumer Rights Act 2015 on negotiated agreements

Slide 29

PDMAs Ts & Cs 1. The individual decides to which organisation the data is to be received. 2. The individual decides the period and the purposes for which the other can keep and use the data. 3. The organisation agrees not to share any of the data it receives with any third parties without express written permission from the individual. 4. The data will be stored and processed by the other in accordance with all laws and regulations in the individuals country. 5. This agreement shall not be varied without agreement of individual. 6. Any data provided by the individual will be owned by the individual and this includes any derived data. 7. Right to exit.

Slide 30

Ownership of data? 1.Property rights? Who gets to own data? Ownership v control v partial control 2. Issues? Politically unsaleable, risky to public domain, easily signed away [Lemley, 2000] 3. Service providers using PDS no longer considered as data controllers? What about PDMAs?

Slide 31

Theories and the right to identity Solove secrecy paradigm Nissenbaum contextual integrity Public/Private Dichotomy

Slide 32

Obfuscation: criminal offence issues Fraud & Computer Misuse Illicit intentions: fraud, paedophilia, terrorism Conduct of the user

Slide 33

Obfuscation Its all in the contract* * David Chalk

Slide 34

A way for the individual to achieve battlefield superiority? There is potential Legal/regulatory/ jurisdictional challenges Goes with the grain of psychology Letting society off the hook?