digital responsibility: towards a new world order ?

Post on 26-May-2015

DESCRIPTION

Our digital society has undergone profound transformations in the way we work, learn, live and participate. Transforming our world into a great co-creation wiki challenges many assumptions and models, which need to be revisited. Based on several security examples drawn from industry and our research, we argue that an emerging notion of Digital Responsibility is paving the way to further significant societal changes. A new world order or incremental changes? One thing is sure: ICT has challenged, and will continue to challenge, our historical assumptions, requiring major mindset changes and more transparency.

TRANSCRIPT

Digital Responsibility: Towards a New World Order ?

Seoul, November 9, 2011

National Information Society Agency Seoul, South Korea

Prof. Jean-Henry Morin University of Geneva – HEC Institute of Services Science

Jean-Henry.Morin@unige.ch

http://jean-henry.com/

J.-H. Morin

Outline

•  Intro & Context

•  Example #1 : Trust in the Digital Age
    •  1 Paradox
    •  3 situations
        •  Enterprise & Corporate Sector
        •  Entertainment & Media
        •  Cloud Computing
    •  1 Discussion

•  Example #2 : Personal Information in the Digital Age

•  Discussion and Open Issues

Context

Smart Society (NIA 2011)

●  Beyond Web 2.0

●  Core Values for a Sustainable Future:
    ●  Openness
    ●  Sharing
    ●  Cooperation

Are we ready for this ? Ludwig Gatzke

Example #1 Trust in the Digital Age

A Paradox

We talk about Trust and Trusted Computing in the digital age…

…but everything relies on a distrust assumption

http://zatoichi.homeip.net/~brain/TrustedComputing.jpg

Situation #1

Enterprise & Corporate Sector

Who has NEVER « worked around » security policies to legitimately complete work that systems prevented them from doing ?

53 % !!!

Enterprise & Corporate Sector: Corporate Security Policies

•  53% admit circumventing corporate security policies to get the work done (EMC RSA Security, 2008)

•  Among the most cited reasons justifying circumventing corporate security policies (Cisco, 2008)

a)  Doesn’t correspond to the operational reality nor to what is required to get the work done

b)  Need to access applications not belonging to or authorized by corporate IT policies to work

•  Consequences: increase in risks and costs
    •  Requires « creativity » to get the job done !
    •  Increased stress due to unauthorized actions
    •  Inefficiencies
    •  Untraceable transgressions / violations

Situation #2

Entertainment & Media

New Media Warrants New Thinking

© Chappatte in "Le Temps" (Geneva), Jan 21, 2006

How did we get here… … a dystopian scenario ?

http://www.flickr.com/search/?q=DRM

Some Popular Misconceptions

•  Information Wants to be “free”

•  DRM is Evil : “Digital Restriction Management” (FSF, EFF, etc.)

•  Users are Criminals : 12 year old girl sued by RIAA

•  P2P is “bad” : File Sharing & Downloading is a Crime

Etc.

TED Talks, March 2007

Larry Lessig: How creativity is being strangled by the law

http://www.ted.com/index.php/talks/view/id/187

Remix & ©

Fair Use ? Universal Music VS dancing toddler

RIAA Scum Bird

http://bit.ly/akxivr

Extremism

•  Larry Lessig Speech at Italian Parliament: Internet is Freedom

http://blip.tv/file/3332375/

Etc.

VS 2 M iPads sold in 60 days !!!

The Legal haystack! Three Strikes Graduated Response

French HADOPI Three-Strikes Graduated Response invites itself to the land of Shakespeare

Doomed initiatives !

•  Fundamental Rights:
    •  Internet access has been recognized as a fundamental right, EU Parliament massively rejects three strikes graduated responses (481 votes against 25, in 2010)

•  Technically inapplicable:
    •  Deep Packet Inspection and false positives

http://dmca.cs.washington.edu/

•  Legally inapplicable:
    •  Territorial nature of such laws VS global media

•  ACTA

Entertainment & Media

•  Consequences :
    •  Criminalizing ordinary people (no impact on organized crime)
    •  Loss of hard fought rights ! (Fair Use, private copy, etc.)
    •  Presumption of guilt ! (onus probandi ?)
    •  Internet access is increasingly recognized as a fundamental right (EU parliament)
    •  Exclusion, technical and legal inapplicability
    •  Etc.

Situation #3

Cloud Computing

Cloud Computing

•  The World is Changing: PaaS, IaaS, SaaS

Etc.

Cloud Computing

•  So are customers

Etc.

Discussion

What do these 3 situations teach us about Trust in the digital age ?

Discussion

•  Situations 1 and 2 :
    •  Enterprise and Corporate
    •  Entertainment and Media

Rely on a fundamental assumption: « Distrust »

Time for a mindset change ?

Security is bypassed not attacked

Inspired by Adi Shamir, Turing Award lecture, 2002

The Human Factor

IMG: J. Anderson

Discussion

•  Situation 3
    •  Cloud : There’s Hope!

Is it an Emerging sign of « Trust » ?

Information Security

Organisations are changing

[Figure labels: Weak, Strong, Internal relationships, External relationships, Trend]

People will dominate your future

“The future of Information Security is pink and fluffy”

Debi Ashenden

UK Defence Academy

David Lacey, Managing the human factor in information security, John Wiley & Sons, 2009

Discussion

•  Is it enough ?

Most likely Not !

•  We need to put Trust back to where it belongs : People !
    •  Not in « computational » terms
    •  Reinstate people in their Roles, Rights and Obligations

Digital Responsibility

Can we fix “it” ?

•  Assuming :
    •  Security is needed (managed content)
    •  Total Security is neither realistic nor desirable
    •  Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes)
    •  Most users aren’t criminals
•  We need to take a step back to :
    •  Critically re-think “it”
    •  Reconsider the debate outside the either/or extremes of total vs. no security
    •  Re-design “it” from ground up

Rethinking & Redesigning DRM

•  Acknowledge the Central role of the User and User Experience
    •  Reinstate Users in their roles & rights
    •  Presumption of innocence & the burden of proof
•  Fundamental guiding principle to Rethink and Redesign DRM : Felten’s “Copyright Balance” principle (Felten, 2005)

“Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”

•  Claim and Proposition :
    •  Put the trust back into the hands of the users
    •  Reverse the distrust assumption
    •  Requires a major paradigm shift

Rethinking & Redesigning DRM (cont.)

•  Exception Management in DRM environments, mixing water with fire ? Not necessarily !

•  Reversing the distrust assumption puts the user “in charge”, facing his responsibilities

•  Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring

•  Use Credentials as tokens for logging to detect and monitor abuses

•  Credentials are Revocable in order to deal with abuse and misuse situations

•  Mutually acknowledged need for managed content while allowing all actors a smooth usability experience

(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
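The exception-management flow in the bullets above, as an added Python example (not code from the talk, the cited papers, or Fasoo's product). The class name, the HMAC-signed license format, the 300-second lifetime and the claim-count threshold are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: key held by the license issuer
LICENSE_TTL = 300                     # assumption: short-lived license, in seconds
MAX_CLAIMS = 3                        # assumption: granted claims tolerated before revocation

class ExceptionManager:               # hypothetical name, not from the source
    def __init__(self):
        self.revoked = set()
        self.audit_log = []           # (time, credential, content, reason, outcome)

    def _sign(self, body):
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

    def claim(self, cred, content, reason, now):
        """Trust first: grant unless the credential is revoked, and always log."""
        if cred in self.revoked:
            self.audit_log.append((now, cred, content, reason, "denied"))
            return None
        body = {"cred": cred, "content": content, "exp": now + LICENSE_TTL}
        self.audit_log.append((now, cred, content, reason, "granted"))
        return {**body, "sig": self._sign(body)}

    def verify(self, lic, content, now):
        """Enforcement point: signature, scope, expiry and revocation checks."""
        body = {k: lic[k] for k in ("cred", "content", "exp")}
        return (hmac.compare_digest(lic["sig"], self._sign(body))
                and lic["content"] == content
                and now < lic["exp"]
                and lic["cred"] not in self.revoked)

    def review(self):
        """After-the-fact monitoring: revoke credentials with too many granted claims."""
        counts = {}
        for _, cred, _, _, outcome in self.audit_log:
            if outcome == "granted":
                counts[cred] = counts.get(cred, 0) + 1
        flagged = {c for c, n in counts.items() if n > MAX_CLAIMS}
        self.revoked |= flagged
        return flagged

if __name__ == "__main__":
    m = ExceptionManager()
    lic = m.claim("alice", "doc-1", "fair-use quotation", now=1000)  # constructed input
    print(m.verify(lic, "doc-1", now=1100), m.verify(lic, "doc-1", now=1300))
```

The grant is immediate and unconditional for a credential in good standing; accountability comes from the audit log and from revocation, which also invalidates licenses already issued to that credential.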

Technology Transfer

Partnership with Fasoo.com
•  June 2011, Integration of the Exception Management model as « Provisional Licensing »

Example #2 Personal Information Management in Social Networks

Source : http://samatman.com/

“The Digital Human” Digital Crumbs

Personal Information Serious Games

•  http://www.2025exmachina.net/

A “Serious” problem in Social Networks and Services

Socially-Responsible Management of Personal Information
•  Personal Information
    •  Different from Personally Identifying Information (PII)
    •  Subject to legal frameworks in most countries
•  Increasingly shared on social networks
•  Blurring boundaries between private and public life

Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.

Privacy Made in Google

http://current.com/shows/supernews/91659341_the-google-toilet.htm

Problems and Issues

• Publish / share once, publish / share forever
    • Indexing and searching
• Who “owns” and manages YOUR information (SLAs) ? Raging debates.
    • Whose information is it ?
    • Do you retain control ?
• Semantic searching capabilities

The Right to Forget

• Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)
• Traditional Media (i.e., non digital) “Memory” erodes over time
    • Labor and cost intensive

• Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007)

France : Legal Approach (again!)

• French Minister of Forward Planning and Development of the Digital Economy
• Public consultation on the issue…
    … towards a law on digital forgetfulness…
    Finally a “best practice” agreement

Anonymity and Privacy

• Anonymity and Privacy are fundamental to social networking
    • It’s not a “bug”, it’s a feature !
    • It’s not schizophrenia !
• Multiple legitimate personas (e.g., work, family, communities, etc.)
• How do we deal with it in a socially-responsible and ethically sustainable way ?
• Cyber bullying (e.g., Akple in Korea)

Requires traceability and accountability of information (i.e., managed information)

Key Question

• Are privacy and personal information threatened by current social networking services ?
• We contend there is a need for Managed Personal Information
    • Socially-responsible and sustainable

How can we retain an acceptable (by all) level of control over our personal information ?

Proposition

• Personal Information should be augmented with a layer accounting for its management
• Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services
• We argue DRM combined with Exception Management may be a promising path towards :
    • Socially-Responsible management of personal information in social networks and services

(Morin, 2010)

From Identity to Personal Information

http://identityblog.com/

Argument & Discussion

•  What do these Examples tell us ?

•  Emerging notion of “ Informed Trust and Accountability ” : Digital Responsibility

•  Cost : Major mindset change + transparency

To Summarize

•  Web 2.0 has reshuffled the powers
•  eParticipation is here to stay
•  Change is happening (not something ahead of us)
•  Many problems have become global by nature (thus usual institutional approaches and remedies are obsolete)

•  Responsibility is emerging as a basis for sustainable digital societal evolution

•  Digital Literacy is KEY in shaping the future of our now digital lives

Join the conversation...

Designing the Smart Society

Technology is a means serving practices and society. Being able to assess and evaluate the risks as well as the opportunities is key in enabling a responsible and sustainable participative, service oriented society.

In the XXI century, Digital Literacy, Critical Thinking and Participation are key elements to Design and shape the Future of our Smart society

Thank you for your interest

… Q & A Contacts:

Prof. Jean-Henry Morin University of Geneva – CUI

Institute of Services Science http://iss.unige.ch/

Jean-Henry.Morin@unige.ch

@jhmorin

http://ch.linkedin.com/in/jhmorin

http://www.slideshare.net/jhmorin

http://jean-henry.com/
