It’s not what IT does to Privacy it’s what Privacy does to IT Robert Thibadeau, Ph.D. www.internetlab.ri.cmu.edu www.w3.org/p3pwww.istpa.org www.intelytics.com firstname.lastname@example.org
InformationPrivacy Law Technology No matter how much you want to, you can’t get technology out of privacy or the law out of privacy
Reasons • There is no technically perfect solution possible : Thomas Jefferson’s notion of public and private. • Therefore the Law becomes Indispensible, and the LAW is always at Fault if it is not there providing protection. • Technology – actually the computer – will always surprise you : The Turing Principle • Therefore Technology cannot be frozen to a form, and the LAW is responsible, not technology • Technology – you need locks on the doors, systems to facilitate privacy, and systems for policing of the laws • This requires Technology
Negotiating Privacy in a Millisecond A HARD PROBLEM FOR IT DICTATED BY PRIVACY
Privacy Server Protocolhttp://yuan.ecom.cmu.edu/pspnow the basis for the European JAVA Demonstrator • Port-based, not (necessarily) HTTP • Scope : Persistence in Time and Scoping across Modality • P3P Vocabulary (as excellent starter) • Negotiated Privacy • Persona Driven • Bilateral Privacy • Museums - Universal Studios – Ford Have Privacy Needs Too • Non-Repudiate-able Contracts • Utilizing ASN.1/SMPTE 298M/DVBX Globally Unique Contract Names without central servers.
CMU PERSONA MODEL Web Site Server Agent Client Browser User Agent I want the Shopping Cart Amazon Shopper Need to be a Shopper BN Shopper Schwab StockPicker BUY Shopper I ‘m an Amazon Shopper DoubleClick User Amazon Shopper OK, Sign Here CMU Shadow DoubleClick User OK, Now you Sign Database System Done, Come on In!
CMU PERSONA MODEL *ALT Web Site Server Agent Client Browser User Agent I want the Shopping Cart Need to be a BN Shopper Amazon Shopper BN Shopper What’s That? Schwab StockPicker It’s This P3P Policy BUY Shopper DoubleClick User Can I be an Amazon Shopper? Amazon Shopper CMU Shadow OK, Sign Here DoubleClick User Database System OK, Now you Sign Done, Come on In!
CMU PERSONA MODEL *ALT Web Site Server Agent Client Browser User Agent I want the Shopping Cart Need to be a Shopper Amazon Shopper Can I be an Amazon Shopper? BN Shopper Schwab StockPicker OK, But you need to be DoubleClick User TOO! BUY Shopper DoubleClick User Amazon Shopper CMU Shadow OK, Sign Here DoubleClick User OK, Now You Sign Database System Done, I’m Coming In!
cmu persona A Persona is a Set of Credentials of which a Proper Subset is distinguished for Authorizing Access To the Remainder of the Set Username : <string> Password : <string> Name : <string> Credit Card Number : <string> Card Expiration : <string> Mailing Address : <string> Mothers Name : <string> Child Persona : <p-name> … Credentials as Other Persona PERSONA P3P APPEL : <script> Recogniz-er : <script> FillerIn-er : <script> Communicat-er : <script> HowToUse-er : <script>
cmu persona interface IE/Netscape Plugin is EMPTY PERSONA EDIT OR APPLY ENGINE Fill it with actual person in different ways: REMOTE BASESTATION WEB SERVER : PORT 80 (Web Page Activates Persona) CMU PERSONA PLUGIN Active Persona Storage AMAZON SHOPPER AMAZON SHOPPER My Secure Hard Disk OR My Floppy Disk MY OTHER SHOPPER MY OTHER SHOPPER THIRD PARTY WEB SERVER : PORT 80 Like to Use Amazon Shopper