BlogTalk Asia, Sept 2009

BlogTalk Asia 2009 Jeju, South Korea

Jean-Henry Morin University of Geneva – CUI

Dept. of Information Systems

Jean-Henry.Morin@unige.ch http://jean-henry.com/

J.-H. Morin 2

Outline

•  Introduction and Context

• Motivation and Problem Statement

• Two Important Problems

•  Proposition for Managed Personal Information

• Design Overview

• Conclusion and Discussion

J.-H. Morin 3

Introduction and Context

• Social Networks and Services

J.-H. Morin 4

Introduction and Context

•  Personal Information

• Different from Personally Identifying Information (PII)

•  Subject to legal frameworks in most countries

•  Increasingly shared on social networks •  Blurring boundaries between private and public life

Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.

J.-H. Morin 5

Problems and Issues

• Publish / share once, publish / share forever • Indexing and searching

• Who “owns” and manages YOUR information (SLAs) ? Raging debates. • Who’s information is it ? • Do you retain control ?

• Semantic searching capabilities

J.-H. Morin 6

The Right to Forget

• Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)

• Traditional Media (i.e., non digital) “Memory” erodes over time • Labor and cost intensive

• Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007)

J.-H. Morin 7

Anonymity and Privacy

• Anonymity and Privacy are fundamental to social networking • It’s not a “bug”, it’s a feature ! • It’s not schizophrenia !

• Multiple legitimate personas (e.g., work, family, communities, etc.)

• How do we deal with it in a socially-responsible and ethically sustainable way ?

•  Cyber bullying (e.g., Akple in Korea)

Requires traceability and accountability of information (i.e., managed information)

J.-H. Morin 8

Key Question

• Is Privacy and personal information threatened by current social networking services ?

• We contend there is a need for Managed Personal Information • Socially-responsible and sustainable

How can we retain an acceptable (by all) level of control over our personal information ?

J.-H. Morin 9

Proposition

• Personal Information should be augmented with a layer accounting for its management

• Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services

J.-H. Morin 10

Moving forward: Design Overview

• DRM • Highly controversial but a necessary evil

likely to stay

• Exception Management • An accountable approach to deal with the

lack of flexibility of DRM • A socially-responsible (yet economically

viable) alternative to the deceptive approaches of current DRM systems

J.-H. Morin 11

Digital Rights Management (DRM)

•  What is DRM ? •  Technology allowing to cryptographically associate usage rules

to digital content •  Rules govern the usage of content •  Content is persistently protected wherever it resides

•  Examples : •  Recipients of an email cannot FORWARD, PRINT, COPY the

email •  A document EXPIRES on September 16, 2009 and can only be

accessed, in READ ONLY, by BlogTalk and Lift Asia attendees •  CEO delegates to CCO the right to also manage policies

provided an audit trace is logged, etc.

•  Where is it used ? •  Initially fueled by the Media & Entertainment •  Since 2003 : Enterprise sector fueled by corporate scandals

(Enron, etc.), compliance issues, regulatory frameworks, etc. •  Software and gaming industries

J.-H. Morin 12 12

Rethinking & Redesigning DRM: Exception Management

•  Acknowledge the Central role of the User and User Experience •  Reinstate Users in their roles & rights •  Presumption of innocence & the burden of proof

•  Fundamental guiding principle : Feltens’ “Copyright Balance” principle (Felten, 2005)

“Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted

material should not be prevented from doing so by any DRM system.”

J.-H. Morin 13 13

Rethinking & Redesigning DRM (cont.)

•  Exception Management in DRM environments, mixing water with fire ?

•  Reversing the distrust assumption puts the user “in charge”, facing his responsibilities

•  Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring

•  Use Credentials as tokens for logging to detect and monitor abuses

•  Credential are Revocable in order to deal with abuse and misuse situations

•  Mutually acknowledged need for managed content while allowing all actors a smooth usability experience

J.-H. Morin 14

Putting the pieces together

• Augmenting information with usage rights appears to be a promising path towards : • Socially-Responsible management of

personal information in social networks and services

• Enabling Exception Management may offer the much needed flexibility lacking in traditional rights management environments

• Much work remains to be done

J.-H. Morin 15

Conclusion

• Call for Action ! We need to innovate

• Co-creation of value: • Requires a transdisciplinary approach

(law, business, sociology, ethics, engineering, design, etc.)

• Involving all the stakeholders

• Engineering is “easy”, getting it “right” in a mutual socially responsible way is hard but a great societal challenge

J.-H. Morin 16

Questions - Discussion

귀하의 관심에 감사드립니다

Thank you

Jean-Henry Morin University of Geneva – CUI

Dept. of Information Systems

Jean-Henry.Morin@unige.ch http://jean-henry.com/