
Page 1

End-to-End Semantic Accountability: Policy and Technology Design Requirements for The Policy Aware Web

25 October 2006

Daniel J. Weitzner <[email protected]>

MIT Decentralized Information Group

Page 2

Overview

1. End-to-End

2. Semantic

3. Accountability

Page 3

Quiz

1. How many believe you are subject to law (any law)?

2. How many of you follow (most) laws? [exclude speed limits]

3. How many of you read all the laws to which you believe you are subject?

4. How many have been to a court of law?

Page 4

The Web Today

Page 5

End-to-End Semantic Accountability

Page 6

End-to-End Semantic Accountability

Page 7

Privacy -- The challenge of web-scale profiling

Authorities in the Washington region spotted the same faded blue 1990 Chevrolet Caprice and recorded its New Jersey tags on at least 10 different occasions this month….

Each time, however, they let the driver go after finding no record that it had been stolen or that its occupants were wanted for any crimes.

"We were looking for a white van with white people, and we ended up with a blue car with black people," said D.C. Police Chief Charles H. Ramsey

Washington Post 26 October 2002, p.A01

Page 8

Privacy shifts: from collection limits to use limits

• The most intrusive practices come from the inferences drawn, not from the individual quanta of information collected:

  • Credit card transactions → profiling

  • Web logs → Web search patterns

  • Instantaneous location → travel patterns

• Collection barriers → usage description, with accountability (after the fact) to rules

Page 9

Privacy Today

Diagram: Collection, Analysis, Use; label: Privacy today

Page 10

Privacy Research Today

Diagram: Collection, Analysis, Use; label: Instrumentation goal for some

Page 11

Privacy protection with accountability

Diagram: Collection, Analysis, Use; label: Where we should be

Page 12

Transparent Accountable Data Mining Initiative: Privacy Design Intuition

As more data becomes available on the Web and inferencing power increases, privacy protection will have to rely more on usage limitation rules and less on collection limitation rules.

Usage Limits depend upon:

• Transparency: history of data manipulations and inferences is maintained and can be examined by authorized parties (who may be the general public).

• Accountability: ability to check whether the policies that govern data manipulations and inferences were in fact adhered to.

Page 13

Data mining use case

Page 14

Privacy failure modes

• Lack of transparency: wrong John Doe (incorrect address)

• Improper sharing: no sharing allowed without an assertion of 'reasonable suspicion' that there is a national security threat

• Lack of accountability to rules: TSA collected the data under the rule that it only be used for national security investigations

Page 15

End-to-End Semantic Accountability

Page 16

End-to-End Semantic Accountability

Page 17

Rules over Semantics of Data

Page 18

End-to-End Semantic Accountability

Page 19

End-to-End Semantic Accountability

Page 20

End-to-End Design Principle

The end-to-end principle (aka "the dumb network"): "The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible."

J.H. Saltzer, D.P. Reed and D.D. Clark, "End-to-End Arguments in System Design," ACM Transactions on Computer Systems 2(4), November 1984, pp. 277-288.

Page 21

Baseline End-to-End Semantic Accountability

2 assertions:

1. 15 IC (intelligence community) agencies sharing information on the Web

2. The key responsibility of every node in the Policy Aware web is semantically-linked transaction logging
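The failure modes on page 14 and the logging assertion just above describe one mechanism: every node keeps a transaction log whose entries link back to the entries they were derived from, so that an auditor can later trace any use to the collection event and check it against the rule under which the data was collected. The Python below is an added example, not code from the slides or from the TAMI project. The log schema, the single collection rule, the agency names and the six sample events are constructed for illustration; real nodes would exchange such entries in a shared vocabulary (RDF, in the Policy Aware Web work), which this toy replaces with a plain dataclass.

```python
# Added example (not code from the TAMI project or the slides): a toy
# "semantically linked" transaction log for a Policy Aware Web node, plus an
# after-the-fact audit that checks logged uses against the rule under which
# the data was collected. Schema, rule and sample events are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class LogEntry:
    id: str                        # entry id; later entries link back to it
    actor: str                     # node (agency) performing the action
    action: str                    # "collect", "infer", "share" or "use"
    subject: str                   # record the action concerns
    purpose: str                   # declared purpose of the action
    source: Optional[str] = None   # dataset, for "collect" entries only
    derived_from: Tuple[str, ...] = ()   # ids of the entries this one builds on
    assertions: Tuple[str, ...] = ()     # e.g. "reasonable_suspicion"


# Hypothetical collection rule: dataset -> purposes the data may later serve.
COLLECTION_RULES: Dict[str, Set[str]] = {
    "tsa:passenger-records": {"national-security-investigation"},
}


def provenance(log: List[LogEntry], entry_id: str) -> List[LogEntry]:
    """Transparency: follow derived_from links back to the collection events.
    Links to entries missing from the log are skipped here; audit() reports them."""
    by_id = {e.id: e for e in log}
    roots: List[LogEntry] = []
    seen, stack = set(), [entry_id]
    while stack:
        eid = stack.pop()
        if eid in seen or eid not in by_id:
            continue
        seen.add(eid)
        entry = by_id[eid]
        if entry.action == "collect":
            roots.append(entry)
        stack.extend(entry.derived_from)
    return roots


def audit(log: List[LogEntry]) -> List[Tuple[str, str, str]]:
    """Accountability: replay the log and return (entry id, failure mode, detail)
    for every entry that breaks a rule. The three modes mirror the slide: lack of
    transparency, improper sharing, and use outside the collection rule."""
    by_id = {e.id: e for e in log}
    findings: List[Tuple[str, str, str]] = []
    for e in log:
        missing = [d for d in e.derived_from if d not in by_id]
        if missing:
            findings.append((e.id, "lack-of-transparency",
                             f"builds on unlogged entries {missing}"))
        if e.action == "share" and "reasonable_suspicion" not in e.assertions:
            findings.append((e.id, "improper-sharing",
                             "shared without a reasonable-suspicion assertion"))
        if e.action in ("infer", "share", "use"):
            for root in provenance(log, e.id):
                allowed = COLLECTION_RULES.get(root.source or "", set())
                if e.purpose not in allowed:
                    findings.append((e.id, "unaccountable-use",
                                     f"{root.source} collected for {sorted(allowed)}, "
                                     f"used for {e.purpose!r}"))
    return findings


def sample_log() -> List[LogEntry]:
    """Constructed events; agencies, ids and record names are fictitious."""
    ns = "national-security-investigation"
    return [
        LogEntry("t1", "TSA", "collect", "record:jdoe-123", ns,
                 source="tsa:passenger-records"),
        LogEntry("t2", "TSA", "infer", "record:jdoe-123", ns, derived_from=("t1",)),
        LogEntry("t3", "TSA", "share", "record:jdoe-123", ns, derived_from=("t2",),
                 assertions=("reasonable_suspicion",)),
        # Receiving agency repurposes the record: breaks the collection rule.
        LogEntry("t4", "AgencyB", "use", "record:jdoe-123", "immigration-enforcement",
                 derived_from=("t3",)),
        # Shared onward without the required assertion.
        LogEntry("t5", "TSA", "share", "record:jdoe-123", ns, derived_from=("t2",)),
        # Acted on a conclusion whose derivation was never logged.
        LogEntry("t6", "AgencyC", "use", "record:jdoe-123", ns, derived_from=("t99",)),
    ]


if __name__ == "__main__":
    for entry_id, mode, detail in audit(sample_log()):
        print(f"{entry_id}: {mode}: {detail}")
```

Run stand-alone, the audit flags t4 (a purpose the source dataset was never collected for), t5 (a share with no reasonable-suspicion assertion) and t6 (a use whose derivation chain leaves the log), and passes t1 through t3. Nothing here blocks collection or sharing at the time it happens; the rules are checked against the log afterwards, which is the shift from collection barriers to accountable usage that the deck argues for, and it only works if every node actually logs and links its entries.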

Page 22

Conclusion: Policy Awareness

1. End-to-End

2. Semantic

3. Accountability

Page 23

For More Information

Our research group at MIT: Decentralized Information Group, http://dig.csail.mit.edu/

• Transparency and Accountability: Weitzner, Abelson, Berners-Lee, et al., "Transparent Accountable Data Mining: New Strategies for Privacy Protection," MIT CSAIL Technical Report MIT-CSAIL-TR-2006-007 (27 January 2006). http://www.w3.org/2006/01/tami-privacy-strategies-aaai.pdf

• Policy-Aware Access Control (with UMD MindLab): Weitzner, Hendler, Berners-Lee, Connolly, "Creating the Policy-Aware Web: Discretionary, Rules-based Access for the World Wide Web." In Elena Ferrari and Bhavani Thuraisingham, editors, Web and Information Security. IOS Press, 2005. http://www.w3.org/2004/09/Policy-Aware-Web-acl.pdf

• Feigenbaum and Weitzner (eds.), "Report on the 2006 TAMI/Portia Workshop on Privacy and Accountability." http://dig.csail.mit.edu/2006/tami-portia-accountability-ws/summary

Work supported by the US National Science Foundation Cybertrust (05-518) and ITR (04-012) programs.