Daniel J. Weitzner
End-to-End Semantic Accountability: Policy and Technology Design Requirements for The Policy Aware Web
25 October 2006
Daniel J. Weitzner <[email protected]>
MIT Decentralized Information Group
Overview
1. End-to-End
2. Semantic
3. Accountability
Quiz
1. How many believe you are subject to law (any law)?
2. How many of you follow (most) laws? [exclude speed limits]
3. How many of you read all the laws to which you believe you are subject?
4. How many have been to a court of law?
The Web Today
End-to-End Semantic Accountability
Privacy -- The challenge of web-scale profiling
Authorities in the Washington region spotted the same faded blue 1990 Chevrolet Caprice and recorded its New Jersey tags on at least 10 different occasions this month….
Each time, however, they let the driver go after finding no record that it had been stolen or that its occupants were wanted for any crimes.
"We were looking for a white van with white people, and we ended up with a blue car with black people," said D.C. Police Chief Charles H. Ramsey
Washington Post 26 October 2002, p.A01
Privacy shifts: from collection limits to use limits
• Most intrusive practices are from inferences drawn, not individual quanta of information collected:
  • Credit card transactions → profiling
  • Web logs → Web search patterns
  • Instantaneous location → travel patterns
• Collection barriers → usage description with accountability (after the fact) to rules
Privacy Today
[diagram: Collection → Analysis → Use; label "Privacy today"]
Privacy Research Today
[diagram: Collection → Analysis → Use; label "Instrumentation goal for some"]
Privacy protection with accountability
[diagram: Collection → Analysis → Use; label "Where we should be"]
Transparent Accountable Data Mining Initiative: Privacy Design Intuition
As more data becomes available on the Web and inferencing power increases, privacy protection will have to rely more on usage limitation rules and less on collection limitation rules.
Usage Limits depend upon:
• Transparency: history of data manipulations and inferences is maintained and can be examined by authorized parties (who may be the general public).
• Accountability: ability to check whether the policies that govern data manipulations and inferences were in fact adhered to.
Data mining use case
Privacy failure modes
• Lack of transparency
  • Wrong John Doe (incorrect address)
• Improper sharing
  • No sharing allowed without assertion of 'reasonable suspicion' that there is a national security threat
• Lack of accountability to rules
  • TSA collected data under the rule that it only be used for national security investigations
End-to-End Semantic Accountability
Rules over Semantics of Data
End-to-End Semantic Accountability
End-to-End Design Principle
The end-to-end principle (aka, the dumb network): "The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible."
J.H. Saltzer, D.P. Reed and D.D. Clark, ACM Transactions on Computer Systems 2, 4, November 1984, pages 277-288.
Baseline End-to-End Semantic Accountability
2 assertions:
1. 15 IC agencies sharing information on the Web
2. The key responsibility of every node in the Policy Aware web is semantically-linked transaction logging
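The design intuition (transparency plus accountability), the three failure modes from the data-mining use case, and the assertion that every node's key responsibility is semantically-linked transaction logging can be made concrete with a small after-the-fact audit. The Python below is an added example written for this page, not code from the slides or from the TAMI/DIG projects; the log schema, the "tsa-national-security" usage rule and the sample log entries are constructed assumptions. Each log record links to the records it was derived from, so the auditor can replay provenance and report a provenance gap (lack of transparency), a share made without the required assertion (improper sharing), and a use outside the purposes the collection rule permits (lack of accountability to rules), plus an inference that joins records disagreeing on address (the wrong John Doe).

```python
"""After-the-fact accountability audit over a semantically-linked transaction log.

Added example for this page (not code from the slides or from the TAMI/DIG
projects). The log schema, the usage rule and the sample entries are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LogEntry:
    """One node's transaction-log record, linked to the records it consumed."""
    entry_id: str
    op: str                                # "collect", "infer" or "share"
    data: dict                             # facts this step asserts about a subject
    purpose: str                           # the use the acting node claims for this step
    derived_from: tuple = ()               # ids of the entries this step was computed from
    assertions: frozenset = frozenset()    # justifications recorded at the time, e.g. "reasonable_suspicion"
    collected_under: Optional[str] = None  # usage rule attached when the data was collected


# Constructed usage rule: data collected under it may only serve these purposes,
# and may only be shared once the sharing node has asserted reasonable suspicion.
RULES = {
    "tsa-national-security": {
        "permitted_purposes": {"national_security_investigation"},
        "share_requires": {"reasonable_suspicion"},
    },
}


def lineage(entries, entry):
    """Follow derived_from links transitively; return (ancestor entries, ids with no log record)."""
    found, missing, stack = {}, [], list(entry.derived_from)
    while stack:
        eid = stack.pop()
        if eid in found or eid in missing:
            continue
        parent = entries.get(eid)
        if parent is None:
            missing.append(eid)          # a provenance gap: this step cannot be examined
            continue
        found[eid] = parent
        stack.extend(parent.derived_from)
    return list(found.values()), missing


def audit(log):
    """Replay the log and return (entry_id, failure_mode, detail) for each violation found."""
    entries = {e.entry_id: e for e in log}
    findings = []
    for e in log:
        if e.op == "collect":
            continue                      # collection is governed by the rule it records
        ancestors, missing = lineage(entries, e)
        for eid in missing:
            findings.append((e.entry_id, "lack of transparency",
                             f"derived from {eid}, which has no log entry"))
        sources = [a for a in ancestors if a.op == "collect"]
        required = set()
        for src in sources:
            rule = RULES.get(src.collected_under)
            if rule is None:
                findings.append((e.entry_id, "lack of accountability to rules",
                                 f"{src.entry_id} was collected under no known usage rule"))
                continue
            if e.purpose not in rule["permitted_purposes"]:
                findings.append((e.entry_id, "lack of accountability to rules",
                                 f"purpose {e.purpose!r} not permitted by {src.collected_under!r} (via {src.entry_id})"))
            required |= rule["share_requires"]
        if e.op == "share" and not required <= e.assertions:
            findings.append((e.entry_id, "improper sharing",
                             f"shared without asserting {sorted(required - e.assertions)}"))
        # Wrong-subject check: an inference that joins source records disagreeing on address.
        addresses = {s.data["address"] for s in sources if "address" in s.data}
        if e.op == "infer" and len(addresses) > 1:
            findings.append((e.entry_id, "lack of transparency",
                             f"joins records with conflicting addresses {sorted(addresses)} (possible wrong John Doe)"))
    return findings


# Constructed sample log: two collections, two inferences and two sharing steps.
SAMPLE_LOG = [
    LogEntry("c1", "collect", {"name": "John Doe", "address": "1 Main St", "source": "airline reservation"},
             "national_security_investigation", collected_under="tsa-national-security"),
    LogEntry("c2", "collect", {"name": "John Doe", "address": "9 Elm Ave", "source": "data broker"},
             "national_security_investigation", collected_under="tsa-national-security"),
    LogEntry("i1", "infer", {"name": "John Doe", "watchlist_match": True},
             "national_security_investigation", derived_from=("c1", "c2")),
    LogEntry("s1", "share", {"recipient": "local police"},
             "national_security_investigation", derived_from=("i1",)),
    LogEntry("s2", "share", {"recipient": "immigration office"},
             "immigration_enforcement", derived_from=("c1",),
             assertions=frozenset({"reasonable_suspicion"})),
    LogEntry("i2", "infer", {"name": "John Doe", "risk_score": 0.9},
             "national_security_investigation", derived_from=("c9",)),
]


if __name__ == "__main__":
    for entry_id, mode, detail in audit(SAMPLE_LOG):
        print(f"{entry_id}: {mode}: {detail}")
```

The point of the design is that no single node has to block a transaction at collection time: each node only has to record what it did and what it used, and the rule check runs later over the linked log, which is the "usage description with accountability (after the fact) to rules" the earlier slide calls for.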
Conclusion: Policy Awareness
1. End-to-End
2. Semantic
3. Accountability
For More Information
Our research group at MIT: Decentralized Information Group
http://dig.csail.mit.edu/
• Transparency and Accountability: Weitzner, Abelson, Berners-Lee, et al., "Transparent Accountable Data Mining: New Strategies for Privacy Protection", MIT CSAIL Technical Report MIT-CSAIL-TR-2006-007 (27 January 2006). http://www.w3.org/2006/01/tami-privacy-strategies-aaai.pdf
• Policy-Aware Access Control (with UMD MindLab): Weitzner, Hendler, Berners-Lee, Connolly, "Creating the Policy-Aware Web: Discretionary, Rules-based Access for the World Wide Web." In Elena Ferrari and Bhavani Thuraisingham, editors, Web and Information Security. IOS Press, 2005. http://www.w3.org/2004/09/Policy-Aware-Web-acl.pdf
• Feigenbaum and Weitzner (eds.), "Report on the 2006 TAMI/Portia Workshop on Privacy and Accountability." http://dig.csail.mit.edu/2006/tami-portia-accountability-ws/summary
Work supported by the US National Science Foundation Cybertrust (05-518) and ITR (04-012) programs.