1

Building Trust in a Tense Information Society

MIT Startup Exchange – Cybersecurity Innovation

Daniel J. WeitznerDirector, Cybersecurity and Internet Policy Research InitiativeMassachusetts Institute of Technology

28 May 2015

2

Tensions in our Information Society reduce trust

1. Culture: Normalization of radical transparency vs trust gap

2. User experience: Increased individual control of personal data vs. opaque use

3. Political process: Major sector of economy/society poorly understood

3

The Internet Trust Gap

Privacy built on trust, not fine print

No App Low Med. High

*

*

*

Participants based their decision on:• Familiarity (i.e. trust) with the app.

• The type of app, in particular what kinds of information the app already has already access to.

Frequency of use had no effect;

No App Low Med. High

No App Low Med. High No App Low Med. High

No App Low Med. High

*

No App Low Med. HighPrivacy Tipping Points in Smartphones Privacy PreferencesF Shih, I Liccardi, D Weitzner – Proceedings ACM CHI, 2015

5

Normalization of Radical Transparency

Assange

Wall Street Journal

‘What they Know”

Manning

Snowden

• Snowden is neither the first nor the last

• The dramatic response of Silicon Valley

• Trust will require pro-active transparency

1. Transparency without trust

6

Trust Challenge

Judge Reggie B. Walton, Chief Judge, Foreign Intelligence Surveillance Court

“the court lacks the tools to independently verify how often the government’s surveillance breaks the court’s rules that aim to protect Americans’ privacy”• Washington Post, August 15,

2013

1. Transparency without trust

7

Growing Individual Control

• Personal health data tied to individual

• How will this shape privacy expectations?

2. Control vs opacity

8

Opaque decision making with ‘big data’

10

New Privacy Priorities: Prevent Discrimination and Sustain Trust

Discrimination: “The increasing use of algorithms to make eligibility decisions must be carefully monitored for potential discriminatory outcomes for disadvantaged groups, even absent discriminatory intent.“

11

Importance of Accountable Systems

“Although the state of the art is still somewhat ad hoc, and auditing is often not automated, so‐called accountable systems are beginning to be deployed.

The ability to detect violations of privacy policies, particularly if the auditing is automated and continuous, can be used both to deter privacy violations and to ensure that violators are punished. (pp. 42-43)

12

A Goal by Analogy: Financial Accounting

.

.

.

.

.

General LedgerTransactions

Assets……Liabilities……Net AssetsOwners Equity

Financial Balance Sheet

Accounting rulesPublic Trust

13

Personal Information Accountability

.

.

.

.

.

Personal InformationTransactions

Compliance• FCRA #• DAA #• FISA #• ECPA #

Non-compliance• FCRA #• DAA #• FISA #• ECPA #

Total TransactionsNet Accountability

Personal InformationBalance Sheet

Accountable Systems Reasoning

Public Trust

14

Detailed Explanation

“[Recipient,] Fred Agenti, is a member of a Criminal Justice Agency…”

“Inquiry is about Robert B. Guy and is based on a personally identifying characteristic…”

Accountable Systems

REAL-TIME USAGE CONTROL

Confidential

Real-time usage control

Personal Information Balance Sheet

17

Stop Online Piracy Act: Grass Roots View

Don’t’ Break th

e

Internet

18

Stop Online Piracy Act: Engineer’s View

• “If enacted, either of these bills will create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. Regardless of recent amendments to SOPA, both bills will risk fragmenting the Internet's global domain name system (DNS) and have other capricious technical consequences. In exchange for this, such legislation would engender censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' right and ability to communicate and express themselves online.”• https://www.eff.org/deeplinks/2011/12/internet-inventors-warn-

against-sopa-and-pipa

19

MIT Cybersecurity and Internet Policy Research Initiative

Social Science•Nazli Choucri, Political Science

•Peter Diamond, Economics

•Michael Fischer, Anthropology and Science , Tecnology & Society

•Kenneth Oye, Political Science

•Sherry Turkle, Sociology and Science , Technology & Society

Engineering• Hal Abelson, EECS• Tim Berners-Lee, CSAIL• David Clark, CSAIL• Munther Dahleh, Institute On

Complex & Socio-Tech. Systems

• Shafi Goldwasser, EECS• Frans Kaashoek, EECS• Nancy Leveson, Aeronautics &

Astronautics• Silvio Micali, EECS• Ron Rivest, EECS• Daniela Rus, CSAIL• Howie Shrobe, CSAIL• Gerry Sussman, EECS• Daniel Weitzner, CSAIL

Management•Andrew Lo, Sloan•Stu Madnick, Sloan