Towards Socially-Responsible Management of Personal Information in Social Networks
Click here to load reader
-
Upload
university-of-geneva -
Category
Economy & Finance
-
view
824 -
download
3
description
Transcript of Towards Socially-Responsible Management of Personal Information in Social Networks
BlogTalk Asia, Sept 2009
BlogTalk Asia 2009 Jeju, South Korea
Jean-Henry Morin University of Geneva – CUI
Dept. of Information Systems
[email protected] http://jean-henry.com/
J.-H. Morin 2
Outline
• Introduction and Context
• Motivation and Problem Statement
• Two Important Problems
• Proposition for Managed Personal Information
• Design Overview
• Conclusion and Discussion
J.-H. Morin 3
Introduction and Context
• Social Networks and Services
J.-H. Morin 4
Introduction and Context
• Personal Information
• Different from Personally Identifying Information (PII)
• Subject to legal frameworks in most countries
• Increasingly shared on social networks • Blurring boundaries between private and public life
Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.
J.-H. Morin 5
Problems and Issues
• Publish / share once, publish / share forever • Indexing and searching
• Who “owns” and manages YOUR information (SLAs) ? Raging debates. • Who’s information is it ? • Do you retain control ?
• Semantic searching capabilities
J.-H. Morin 6
The Right to Forget
• Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)
• Traditional Media (i.e., non digital) “Memory” erodes over time • Labor and cost intensive
• Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007)
J.-H. Morin 7
Anonymity and Privacy
• Anonymity and Privacy are fundamental to social networking • It’s not a “bug”, it’s a feature ! • It’s not schizophrenia !
• Multiple legitimate personas (e.g., work, family, communities, etc.)
• How do we deal with it in a socially-responsible and ethically sustainable way ?
• Cyber bullying (e.g., Akple in Korea)
Requires traceability and accountability of information (i.e., managed information)
J.-H. Morin 8
Key Question
• Is Privacy and personal information threatened by current social networking services ?
• We contend there is a need for Managed Personal Information • Socially-responsible and sustainable
How can we retain an acceptable (by all) level of control over our personal information ?
J.-H. Morin 9
Proposition
• Personal Information should be augmented with a layer accounting for its management
• Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services
J.-H. Morin 10
Moving forward: Design Overview
• DRM • Highly controversial but a necessary evil
likely to stay
• Exception Management • An accountable approach to deal with the
lack of flexibility of DRM • A socially-responsible (yet economically
viable) alternative to the deceptive approaches of current DRM systems
J.-H. Morin 11
Digital Rights Management (DRM)
• What is DRM ? • Technology allowing to cryptographically associate usage rules
to digital content • Rules govern the usage of content • Content is persistently protected wherever it resides
• Examples : • Recipients of an email cannot FORWARD, PRINT, COPY the
email • A document EXPIRES on September 16, 2009 and can only be
accessed, in READ ONLY, by BlogTalk and Lift Asia attendees • CEO delegates to CCO the right to also manage policies
provided an audit trace is logged, etc.
• Where is it used ? • Initially fueled by the Media & Entertainment • Since 2003 : Enterprise sector fueled by corporate scandals
(Enron, etc.), compliance issues, regulatory frameworks, etc. • Software and gaming industries
J.-H. Morin 12 12
Rethinking & Redesigning DRM: Exception Management
• Acknowledge the Central role of the User and User Experience • Reinstate Users in their roles & rights • Presumption of innocence & the burden of proof
• Fundamental guiding principle : Feltens’ “Copyright Balance” principle (Felten, 2005)
“Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted
material should not be prevented from doing so by any DRM system.”
J.-H. Morin 13 13
Rethinking & Redesigning DRM (cont.)
• Exception Management in DRM environments, mixing water with fire ?
• Reversing the distrust assumption puts the user “in charge”, facing his responsibilities
• Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring
• Use Credentials as tokens for logging to detect and monitor abuses
• Credential are Revocable in order to deal with abuse and misuse situations
• Mutually acknowledged need for managed content while allowing all actors a smooth usability experience
J.-H. Morin 14
Putting the pieces together
• Augmenting information with usage rights appears to be a promising path towards : • Socially-Responsible management of
personal information in social networks and services
• Enabling Exception Management may offer the much needed flexibility lacking in traditional rights management environments
• Much work remains to be done
J.-H. Morin 15
Conclusion
• Call for Action ! We need to innovate
• Co-creation of value: • Requires a transdisciplinary approach
(law, business, sociology, ethics, engineering, design, etc.)
• Involving all the stakeholders
• Engineering is “easy”, getting it “right” in a mutual socially responsible way is hard but a great societal challenge
J.-H. Morin 16
Questions - Discussion
귀하의 관심에 감사드립니다
Thank you
Jean-Henry Morin University of Geneva – CUI
Dept. of Information Systems
[email protected] http://jean-henry.com/