The Economics of Surveillance Workshop, Web Science 2015
Privacy By Obfuscation With Personal Data Management Architectures
Dave Murray-Rust (1), Kieron O'Hara (2), Marion Oswald (3), Max Van Kleek (2) & Nigel Shadbolt (2)
(1) School of Informatics, University of Edinburgh
(2) Electronics and Computer Science, University of Southampton
(3) Centre for Information Rights, University of Winchester
Slide 2
From Action to Data
We are categorised without control:
boyd: context collapse
Lyon: leaky containers
Althusser/Butler: interpellation
Nissenbaum: contextual integrity
One defence mechanism:
Stirner: the heroism of the lie
Slide 9
Presented this morning!
Slide 10
Do people (still) lie online? Why and how often?
Do people (still) use false identities online?
Do people lie on some social machines more than others? Why?
How do people feel about these actions?
Slide 11
How often do you tell lies on social media? (response scale from "never" to "often"; N=387)
privacy (N=17)
On fetish sites, I will lie about my birthday (displacing my age by a few months to a year in the process) and my hometown, making my identity there harder to connect to my real identity. (p461)
Age and place of residence
Once, I did not want people to link my account on a website to me. (p102)
identity linkage
Not really, even on my "anonymous", NSFW, twitter account I don't lie, it's more just withholding information that would reveal my identity. (p464)
Slide 14
The major untruth I tell is pretending to be a man rather than a woman on YouTube - I know it's bad and not helping the cause, but I know that if I want to convince someone of a particular point, if I pretend to be a man my sayings won't be regarded through the bias of my gender, while if I say opinions (completely disconnected from gender issues) as a woman, it will probably be the 1st thing my opponents will use in a debate. (p301)
conform (N=9)
I have pretended to be in favour of certain political/social movements to protect myself from harassment. (p60)
Slide 15
spy: protection against information misuse by platforms that require the information; distrust of these platforms
Whenever my real name is not required, I give a false name. More than hiding my identity, it is a way (although quite possibly insufficient) to prevent such platforms from connecting together my different identities, and then jumping to conclusions I did not ask them to make. (p500)
I use pseudonyms for some websites that require details, for example email addresses, and in the terms and conditions it states that it will give your details to third parties, as I do not want spam and phishing emails or any third parties to have my name and contact details, for security reasons. (p425)
Slide 16-17
Current approach to "Big Data":
1. Harvest data from users
2. Consolidate data into large databases
3. Run analytics to derive insight
Decoupling people from their own data:
facilitates abuse, use for unintended purposes and irresponsible data handling practices
reduces trust, increases fear by individuals, makes them less open
Alternative:
allow people to keep their personal data themselves
support direct distributed query on distributed stores
allow people to act effectively as controller of their own data
facilitate accountability and provenance
engage + empower people to share for mutual benefit
Slide 18
Platform-centralised web:
identity consolidation and forced verified ID among social machines
places platforms as central information controllers
precludes identity partitioning
Slide 19
Semi-trusted sharing
Slide 20
Mediated Data Sharing
Slide 21
Personal Data Management Architecture
history of interactions; identity, demographic & social network data; sensed context
Designed to act as privacy & identity assistant:
select among multiple identities to enable separation of activities
generate contexts appropriate to needs and situation
Slide 22
At the centre of each person's ecosystem is their social personal data management architecture: a re-de-centralised web with PDMAs
Slide 23
Answering questions to a trusted party
Query: Who has been near cattle in Shropshire in the past 6 weeks and is experiencing the following symptoms: nausea, fever, swollen glands, tiredness?
From: NHS Shropshire Trust (signature: 9239898192839983; public key: b0092301f2903eaa)
PDMA: who's asking? ... oh ok! here's my encrypted answer
Slide 24
21st Century Devious Man
But if I have access to my own rich data (e.g. quantified self),
and I have a wider picture via others' data (e.g. e-commerce),
and I control who gets to share it,
then I can use traditional techniques to preserve autonomy:
mendacity
anonymisation / data perturbation
Slide 25
Can our devices help us?
Murray-Rust, D., van Kleek, M., Dragan, L., Shadbolt, N. (2014). Social Palimpsests: clouding the lens of the personal panopticon. Digital Enlightenment Forum Yearbook.
Slide 26
Can our devices help us?
Slide 27
The Power of Social
Slide 28
Contract & PDMAs
Are terms set by the individual an offer?
Can the offer be accepted using a website?
Battle of the forms
Effect of Consumer Rights Act 2015 on negotiated agreements
Slide 29
PDMAs Ts & Cs
1. The individual decides which organisation is to receive the data.
2. The individual decides the period and the purposes for which the other party can keep and use the data.
3. The organisation agrees not to share any of the data it receives with any third parties without express written permission from the individual.
4. The data will be stored and processed by the other party in accordance with all laws and regulations in the individual's country.
5. This agreement shall not be varied without the agreement of the individual.
6. Any data provided by the individual will be owned by the individual, and this includes any derived data.
7. Right to exit.
Slide 30
Ownership of data?
1. Property rights? Who gets to own data? Ownership v control v partial control
2. Issues? Politically unsaleable, risky to public domain, easily signed away [Lemley, 2000]
3. Service providers using PDS no longer considered as data controllers? What about PDMAs?
Slide 31
Theories and the right to identity
Solove: secrecy paradigm
Nissenbaum: contextual integrity
Public/Private dichotomy
Slide 32
Obfuscation: criminal offence issues
Fraud & Computer Misuse
Illicit intentions: fraud, paedophilia, terrorism
Conduct of the user
Slide 33
Obfuscation: It's all in the contract* (* David Chalk)
Slide 34
A way for the individual to achieve battlefield superiority?
There is potential
Legal/regulatory/jurisdictional challenges
Goes with the grain of psychology
Letting society off the hook?