1 / 22

Jacques Bus  Dagstuhl, DE – 7-11 Febr 2011

DIGITRUST.EU Trust in the digital space. Dagstuhl Perspectives Workshop Online Privacy – Towards Informational Self-Determination on the Internet Part 4: Method, Structure and Language. Jacques Bus  Dagstuhl, DE – 7-11 Febr 2011. DIGITRUST.EU Trust in the digital space.

tea
Download Presentation

Jacques Bus  Dagstuhl, DE – 7-11 Febr 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DIGITRUST.EU Trust in the digital space Dagstuhl Perspectives WorkshopOnline Privacy – Towards Informational Self-Determination on the InternetPart 4: Method, Structure and Language Jacques Bus  Dagstuhl, DE – 7-11 Febr 2011

  2. DIGITRUST.EU Trust in the digital space Structure of result Part 1. Current S-o-A of online privacy w.r.t. to informational self-determination Part 2. Industry & Engineering Options to improve online privacy Part 3. Recommendations for improving regulations of online privacy Part 4. Recommendations for research to improve the S-o-A of online privacy The report structure will follow the Parts as proposed above? Comments: Part 1 may include background and relevance of the topic Part 2 could include challenges Part 3 depends on result in 1 and 2 Part 4 depends on results in 1 and 2, but problems of focus and form In general of course one cannot make 3 or 4 without some consent on 1 and 2.

  3. DIGITRUST.EU Trust in the digital space Issues in Part 4 Part 4: Foster industry's and academia's research for creating effective on-line privacy technologies. components and systems that promote informational self-determination Questions: A message for whom? To do what? Terminology and language Choices to be made Time Frame

  4. DIGITRUST.EU Trust in the digital space A message for whom? To do what? Or just a missionary statement about our good intentions?

  5. DIGITRUST.EU Trust in the digital space Dagstuhl Perspectives Workshop • Analyze the status quo of a field and jointly develop a vision for its future. • Give at the level of funding agencies and research policies: recommendations for research investments. • Update the respective legislative and regulative authorities on their options. • Results in a “Dagstuhl Manifesto” with • Research directions that are put into a larger context: society and economy, applications, relations to other fields • Audience beyond the inner circle of experts, including policy makers • Publication • Dagstuhl Online Publication Server (DROPS) • Other scientific publishers. • Summaries of selected manifestos in Informatik-Spektrum (Springer) • Outreach • Presented at a meeting of Dagstuhl’s Scientific Advisory Board • Passed on to national and European funding agencies • Other specific actions of participants??

  6. DIGITRUST.EU Trust in the digital space Targeted audience? • Researchers and Funding Agencies , policy makers - motives • Politics and Institutions (incl. EDPS, Privacy Commissioners, Legislative authorities) • regulatory part is topic of Part 3 • role of technology in legislation (transparency, privacy assurance, auditing) • political motivation for research funding is industrial and social innovation • citizen’s trust in government, social acceptance of ICT innovation, • how can government stimulate multi-disciplinarity (ambient law) • Funding Agencies and Industry, part of political and institutional world • EU research managers? Need political and societal (ethics/norms) arguments, and arguments of competitiveness and innovation • Member State research managers? local priorities in politics, industry, research • Industry? Focus on technology trends, product innovation and business models • Researchers • In academia? (interesting research, good for publication) • Research institutes (application research, what is needed in economy/society) • In industry? (profitable innovation and product development)

  7. DIGITRUST.EU Trust in the digital space Basic inputs • A research agenda must take account of developments in: • Technology trends • Industry requirements • Regulatory environment and requirements • Societal needs and stability • Citizens’ needs and perceptions

  8. DIGITRUST.EU Trust in the digital space Terminology and Language The trap of being logical and English? NOTE: I just want to sketch the problems, not at all to give definitions, nor an exhaustive analysis of the terms discussed !!

  9. DIGITRUST.EU Trust in the digital space Terminology - SECURITY • security is used in many contexts: • people: security and safety of people, physically and psychologically • states: national security, external relations, military defence • borders: in context of national security and protection of society (culture, economy) • entities: (infrastructures like electricity net; products like cars, planes; software and IT systems) avoid harm to property and life and protected against intrusion and abuse • data: protected against unintended observation, protection of integrity and theft • Note the organisation in EU’s FP7: • The Theme Security, or the Security Programme • The part of the ICT programme: Trustworthy ICT in the Unit Trust and Security • Note the language translation problem: • “security” and “safety” have only one translation in many languages FR: “securité”, DE: “Sicherheit”, NL: “veiligheid”. • Similar problems with other words. • Writing perfect English can lead to wrong understanding by people with other mother tongues. The context of a manifesto need to be introduced/explained.

  10. DIGITRUST.EU Trust in the digital space Terminology - IDENTITY • For example 3 concepts (Davis) • Metaphysical identity (what are the essential qualities of a person that makes him unique) • Physical identity: the carrier in flesh and blood of all the roles and qualities • Epistemological identity (created by relations to institutions; or existing because of various practices connected to our culture, language, ...) • We can also talk about multiple (partial) identities, if we consider every creation of relation or existence of practice that together form the epistemological identity, as one (partial) identity. • An ID in a certain context is a particular set of credentials (attributes), called a partial ID • FIDIS distinguishes: • the structural perspective (ID as set of attributes) • process perspective (ID as set of processes of disclosure and usage of ID data; authentication)

  11. DIGITRUST.EU Trust in the digital space Terminology - PRIVACY • Paul de Hert: “Privacy is about what is not covered by other civil liberties” It is about the balance of power: state vs citizen, multi-national vs consumerSedaGuerses: “Privacy cannot and should not be precisely defined – definition would kill it” • Allen considers: • physical privacy (seclusion, solitude); • informational privacy (confidentiality, secrecy, data protection and control over PI) • proprietary privacy (control over names, likeliness and repositories of PI) • Or one could think of the three dimensions: spatial, relational, informational. • Approaches through: (1) Secrecy/anonymity; (2) Control/ID mgt; (3) Practices; • Nissenbaum developed a framework for privacy as “Contextual Integrity of Information”, emphasising the essential contextual and normative character of privacy. • Q: How to consider context and norm/cultural dependency in tech privacy systems? • Relation to Data Protection: • DP needed for privacy implementation, but not all personal data is privacy sensitive. • DP requests consent be “specific” thus introducing context; implementation weak /uneven

  12. DIGITRUST.EU Trust in the digital space Terminology - CONFIDENCE We can have confidence (some would call it trust!) in institutions, organizations, technology, to do what is expected to be done by them. What is done can be negative and positive. We can be confident that viruses are harmful to our system. (But trust often has a positive connotation) Hardin uses “confidence” in relation to institutions (he reserves “trust” for interpersonal relations). But Fukuyama talks about “trust” in government, society (societal trust – which is a measure of citizen’s opinion). And Cofta e.a. uses “trust” overall in Trust Guide, a project analysing the position of people with respect to reliance on or confidence in technology

  13. DIGITRUST.EU Trust in the digital space Terminology - TRUST TRUST – a context-dependent (also culture, character or psychology-based) – relation between a truster and a trusted (often reserved for persons), where the truster expects the trusted to have a certain behaviour or acting TRUSTWORTHINESS - is the quality of an entity (as believed by the truster) to behave in a certain way (One can trust an entity without the entity being trustworthy for others) BUT: “trustworthy computing” has for many a very special meaning with reminiscences to Microsoft’s alleged attempt to get control over the (trustworthy) PC platform Of course Trust (and Trustworthiness) have the same complicating factors with respect to capturing in technology as Privacy: Context and norm/culture dependency, ...Much has been said and written about Trust and its meaning in society. Trust (confidence) is a basic condition for acceptance of technology, but from research done it is clear that people do not trust technology, but only the operators (organisations with procedures, transparency and well behaving persons)

  14. DIGITRUST.EU Trust in the digital space Trust/Confidence in Technology • Confidence in technology is not in the first place a technological problem. • Requires providers to be open and transparent about • How their organization works and processes data • What are the business objectives and where profit comes from • What protection can be given against abuse • What redress and damage management is foreseen • Requires Government to develop effective and as much as possible technology neutral regulation/law • which is effectively enforceable • takes account of speed of data transfer and technology development • takes account of globalization • Must give users the feeling that • it is following their norms and expectations • they understand the general picture • they do understand dangers, vulnerabilities and possible abuse • they have a reasonable control over their lives

  15. DIGITRUST.EU Trust in the digital space Example on Privacy - Social Networks Choices to be made Comprehensive, focused, shopping list??

  16. DIGITRUST.EU Trust in the digital space Choices to be made Decisions are needed before we start writing, to avoid lengthy discussions at the end How do we want to use all these terms, if at all? What type of entities do we include in the terminology (identity, privacy, trust only between persons, or wider, including technological entities)? How do we relate trust and identity to privacy? (I trust you if I know your ID? I will give up more of privacy if I trust more?). What terms do we use in relation to technology (trusted or trustworthy or something else)?I introduced in the ICT programme the term “Trustworthy ICT” defined as technology that issecure, reliable and resilient to attacks and operational failures; guaranteeing quality of service; protecting user data; ensuring privacy and providing usable and trusted tools to support the user in his security management. And measuring these qualities is part of this research. Can we talk about trusting a data-collector or data-processor and what would that mean? Should such organisation be compliant with Privacy and Data Protection law + Assures so through some certification + Proves practising it through transparency and audits, ....?

  17. DIGITRUST.EU Trust in the digital space Choices to be made – the language • Audience are politicians, industry leaders, researchers • Audience likely European: beautiful and correct EN will sometimes more confuse than help (security/safety!) • Audience not all technical expert: avoid abstract and rigid use of language, as well as technical terms and acronyms • When talking to laymen it is often better to use various words and points of view, as well as metaphors, to circumscribe issues, rather than talking clean logical language • Research program language use to be vague and abstract • to avoid strong prescription, errors and out-of-date things • leave the creativity to the proposer (some years later !!)

  18. DIGITRUST.EU Trust in the digital space Choices to be made – The Language • People/politicians want to recognize their thinking and preaching and be able to integrate new ideas in their normal discourse • Politicians do not change language easily once they have made their job period’s basic policy documents, so adapt to them if you want success Enhance trust and security (Examplefrompress release Neely Kroes on Digital Agenda) Europeans will not embrace technology they do not trust - they need to feel confident and safe online. A better coordinated European response to cyber-attacks and reinforced rules on personal data protection are part of the solution. Actions could also potentially oblige website operators to inform their users about security breaches affecting their personal data.

  19. Online trust and security Example: From Presentation of Neelie Kroes, EC Commissioner Digital Agenda identity theft privacy concerns cybercrime spam cybercrime centre computer emergency response teams low trust = low use

  20. DIGITRUST.EU Trust in the digital space The Time Frame • Examples of issues in a time frame • Short term - industrial innovation, product development • extension of current work on multiple ID and MDD, • user-centricity in data control (PET – privacy patching) • general data protection tools (not specific for the situation or sector) • Medium term – connect to the revision of the DP directive • Privacy by Design (technology, regulatory) • privacy assurance, certification • transparency, auditing • Longer term – research in academia and research institutes • Include dynamicity, diversity, contextual, cultural and normative essence of life • Ensure essential multi-disciplinarity in future research • personal, protected and trustworthy spaces for informational integrity • self-determination, also in profiling, targeted ads, … • Build a trusted environment that gives excitement and confidence

  21. DIGITRUST.EU Trust in the digital space References • A. Allen (1998) Uneasy Access, Totowa, NJ, Rowman & Littlefield • Russel Hardin (2002) Trust & Trustworthiness, Russel Sage Foundation, NY • Helen Nissenbaum (2010) Privacy in Context: Technology, Policy and the Integrity of Social Life, Stanford Univ Press • Francis Fukuyama (1995) Trust: the social virtues and the creation of prosperity, Free press, NY (Author from “The end of History”) • Kieron O’Hara (2004) Trust: From Socrates to Spin, Icon Books, Cambridge

  22. DIGITRUST.EU Trust in the digital space Example on Privacy - Social Networks

More Related