building trust in a tense information society, daniel weitzner, director, mit csail decentralized...
TRANSCRIPT
1
Building Trust in a Tense Information Society
MIT Startup Exchange – Cybersecurity Innovation
Daniel J. WeitznerDirector, Cybersecurity and Internet Policy Research InitiativeMassachusetts Institute of Technology
28 May 2015
2
Tensions in our Information Society reduce trust
1. Culture: Normalization of radical transparency vs trust gap
2. User experience: Increased individual control of personal data vs. opaque use
3. Political process: Major sector of economy/society poorly understood
Privacy built on trust, not fine print
No App Low Med. High
*
*
*
Participants based their decision on:• Familiarity (i.e. trust) with the app.
• The type of app, in particular what kinds of information the app already has already access to.
Frequency of use had no effect;
No App Low Med. High
No App Low Med. High No App Low Med. High
No App Low Med. High
*
No App Low Med. HighPrivacy Tipping Points in Smartphones Privacy PreferencesF Shih, I Liccardi, D Weitzner – Proceedings ACM CHI, 2015
5
Normalization of Radical Transparency
Assange
Wall Street Journal
‘What they Know”
Manning
Snowden
• Snowden is neither the first nor the last
• The dramatic response of Silicon Valley
• Trust will require pro-active transparency
1. Transparency without trust
6
Trust Challenge
Judge Reggie B. Walton, Chief Judge, Foreign Intelligence Surveillance Court
“the court lacks the tools to independently verify how often the government’s surveillance breaks the court’s rules that aim to protect Americans’ privacy”• Washington Post, August 15,
2013
1. Transparency without trust
7
Growing Individual Control
• Personal health data tied to individual
• How will this shape privacy expectations?
2. Control vs opacity
10
New Privacy Priorities: Prevent Discrimination and Sustain Trust
Discrimination: “The increasing use of algorithms to make eligibility decisions must be carefully monitored for potential discriminatory outcomes for disadvantaged groups, even absent discriminatory intent.“
11
Importance of Accountable Systems
“Although the state of the art is still somewhat ad hoc, and auditing is often not automated, so‐called accountable systems are beginning to be deployed.
The ability to detect violations of privacy policies, particularly if the auditing is automated and continuous, can be used both to deter privacy violations and to ensure that violators are punished. (pp. 42-43)
12
A Goal by Analogy: Financial Accounting
.
.
.
.
.
General LedgerTransactions
Assets……Liabilities……Net AssetsOwners Equity
Financial Balance Sheet
Accounting rulesPublic Trust
13
Personal Information Accountability
.
.
.
.
.
Personal InformationTransactions
Compliance• FCRA #• DAA #• FISA #• ECPA #
Non-compliance• FCRA #• DAA #• FISA #• ECPA #
Total TransactionsNet Accountability
Personal InformationBalance Sheet
Accountable Systems Reasoning
Public Trust
14
Detailed Explanation
“[Recipient,] Fred Agenti, is a member of a Criminal Justice Agency…”
“Inquiry is about Robert B. Guy and is based on a personally identifying characteristic…”
Accountable Systems
18
Stop Online Piracy Act: Engineer’s View
• “If enacted, either of these bills will create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. Regardless of recent amendments to SOPA, both bills will risk fragmenting the Internet's global domain name system (DNS) and have other capricious technical consequences. In exchange for this, such legislation would engender censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' right and ability to communicate and express themselves online.”• https://www.eff.org/deeplinks/2011/12/internet-inventors-warn-
against-sopa-and-pipa
19
MIT Cybersecurity and Internet Policy Research Initiative
Social Science•Nazli Choucri, Political Science
•Peter Diamond, Economics
•Michael Fischer, Anthropology and Science , Tecnology & Society
•Kenneth Oye, Political Science
•Sherry Turkle, Sociology and Science , Technology & Society
Engineering• Hal Abelson, EECS• Tim Berners-Lee, CSAIL• David Clark, CSAIL• Munther Dahleh, Institute On
Complex & Socio-Tech. Systems
• Shafi Goldwasser, EECS• Frans Kaashoek, EECS• Nancy Leveson, Aeronautics &
Astronautics• Silvio Micali, EECS• Ron Rivest, EECS• Daniela Rus, CSAIL• Howie Shrobe, CSAIL• Gerry Sussman, EECS• Daniel Weitzner, CSAIL
Management•Andrew Lo, Sloan•Stu Madnick, Sloan