personal control of your data
play

Personal Control of Your Data Butler Lampson August 8, 2013 - PowerPoint PPT Presentation

Jul 25, 2023 •307 likes •545 views

Personal Control of Your Data Butler Lampson August 8, 2013 Background What is new about online data? It is: Widespread in time and space Persistent, easy to copy, visible to anybody Accessible : easy to find (by search), connect

  1. Personal Control of Your Data Butler Lampson August 8, 2013

  2. Background • What is new about online data? It is: – Widespread in time and space • Persistent, easy to copy, visible to anybody – Accessible : easy to find (by search), connect (by linking) • No privacy through obscurity, anonymity is hard • Data about people in the physical world will be just as important as data that is born digital – Photos, videos, license plates, location tracks, ... • Technology and rules must work hand in hand – Technology supports rules, but doesn’t determine them – “Not allowed to”: regulation; “Can’t”: technology

  3. Principles • What is regulation for? – To maintain a balance of power • among people, companies, and governments. – To serve the public good • innovation, research, law enforcement, traffic control, .... • Existing law covers many cases – Examples: intellectual property, fraud, public records, ... • Choices presented to people must be simple • One screen for the normal case (+ drill-down) • Regulations change slowly , have unintended consequences .

  4. More Regulation is Coming • People: Want personal control of their data – Even if they know they probably won’t exercise it – Allow data handlers they trust to access their data • Regulators: Control of data is a human right – Especially the EU, but perhaps US states too • Firms: Many want consistent, accepted rules, to – Build strong relationships with consumers – Comply with regulation more easily; safe harbor

  5. Who Wins, Who Loses? • Regulation serves personal control • Regulation costs everyone who is regulated

  6. An Ideal for Personal Control • You keep all your data in a vault you control • I bring you a query • If you like the query, you return a result – Otherwise you tell me to go away • This isn’t practical – Too expensive – Too slow – Unclear how I may use the result

  7. Practical Personal Control: Goals • You are empowered to control your data – Find it, limit its use , claim it – Everywhere — Across the whole internet – Anytime , not just when it’s collected – Consistently for all data handlers and devices – Remaining anonymous if you wish

  8. Practical Personal Control: Mechanisms • Data tagged with metadata that links to policy • Simple, coarse-grained policy and good defaults • Personas to manage your different identities • No central database. Instead, two kinds of players: – Agents you choose — like choosing an email provider • Personal Agent : handles personas and claiming; can be offline • Policy Service : tells handlers your policy; must be online – Data handlers , subject to regulation • Anyone who stores or processes your data and is following the rules

  9. Personal Control • You are empowered to control • No central database. Instead – Agents you choose : your data: • Personal agent for personas, claims – Find it, claim it • Policy service to answer handler queries – Limit its use – Data handlers , regulated – Anytime , not just at collection – Everywhere on the internet – Consistently for all data handlers and devices – With simple, coarse policy • With good defaults – Anonymously if you wish • With personas to manage IDs

  10. Scenarios • You move, and you want to know who has your contact information – You update some, e rase others you don’t want • A school needs to contact a parent in an emergency – They use an app that has access to your location data, but reveals only the phone number to call • You want to see fewer, more interesting ads – You disable DoubleClick, keep Neiman-Marcus • A traffic camera records your license plate – DMV records identify you, but you know about the record

  11. How it Works • Data handler tags your data • Policy link is NID + URL PS – NID : Numeric ID with metadata Anonymized unless you sign in – Includes a link to your policy – URL PS : to your policy service – Your agent supplies it along • On re-identification , handler with your data – Stays with the data when the supplies the metadata data is copied Especially for physical world data — • Rule: Handler must check photos, license plates, ... • Policy service tracks handlers, policy before using data – Handler follows policy link and so people can find them • Simple policy, for wide queries policy service deployment

  12. Who Controls What Numeric IDs data, NID+→ (2) Provide data Your agent (NIDs) are NID→ (4) Claim data public keys Identity: NID  data items NID+ is the (1) Set policy metadata Your policy service Handler h (3) Get policy Data items: Policy:  handler,type,NID < type, handler >→ Y/N <NID +, type, bytes> Y/N → ... ... You are Regulator in control makes rules

  13. Onward Transfer Numeric IDs data, NID+→ (NIDs) are (2) Provide data Your agent public keys NID→ (4) Claim data Identity: NID Handler h1  data items Data items: <NID+, type, bytes> ... (1) Set policy (2.5) Transfer data Your policy service data, NID→ (3) Get policy Handler h2 Policy:  handler h2, type, NID Data items: < type, handler >→ Y/N <NID+, type, bytes> Y/N → ... ... You are Regulator in control makes rules

  14. Anonymity Your agent NIDs are public keys Persona map: Different relationships call for different kinds of NIDs persona→NIDs Anonymous: Fresh each session Known: Per web site, tied to cookie Signed-in: Per account, when signed in data, N ID→ Provide data Your agent NID→ Claim data Persona map:  data items You know about your personas persona→NIDs Your persona map tracks <handler , NID>’s Set policy Your policy service used for each persona for each NID Handler h Get policy Data items: Policy:  handler,type,NID < type, handler >→Y/N <NID, type, bytes> Y/N → ... ... You are Regulator makes rules in control

  15. Cheaper Anonymous NIDs NIDs are costly: data, → Provide data token NID+ x Costly to generate keys Your agent → Costly to store policy for each one Claim data K claim NID Persona map:  data items persona→NIDs Instead, tag with a token that hides NID Set policy x Your policy service Token = <TID, URL PS , K claim > for each NID Handler h Get policy Data items: TID = Seal(NID, K PS ) different each time Policy:  handler,type, < token token , type, bytes> NID TID < type, handler >→Y/N URL PS points to a popular policy service ... Y/N → ... K claim = Hash(TID + K person ) You are Regulator in control makes rules TIDs are single- use, so handlers can’t link Policy Service can unseal to get the NID You can claim data from a handler with K claim

  16. Finding Your Data Query Set policy handlers Control starts with knowing who has your data This is tricky: Your policy service You talk to lots of handlers for each NID Handlers transfer data to other handlers List of handlers Policy: Policy Service: < type, handler >→ Y/N . . . Chosen by you Stores policy for each NID data, NID+→ Provide data Your agent Keeps track of handlers NID→ Claim data Persona map:  data items persona→NIDs Query Set policy You can: handlers Your policy service Choose your personas and policy service for each NID Handler h List of handlers Get policy Data items: Set policy for your data Policy:  handler,type,NID < type, handler >→Y/N <NID+, type, bytes> Y/N → ... ... Query for handlers that have your data You are Regulator Claim your data from a handler in control makes rules

  17. Control vs. Privacy • There’s no free lunch, because of coercion – Tracking handlers is useful, but vulnerable • Like browsing history • Forms of coercion – Law enforcement/national security • Need a warrant or subpoena – Personal: parents, spouses, employers, ... • Mitigations – Tell policy service to not track handlers, to delete tracks – Transfer tracks to your personal agent – Plausible deniability of the true tracks • Can crypto help?

  18. Policy • Data-centric , not device or service centric – Metadata stays with the data, points to the data’s policy • Interface to policy is <handler, type>  Yes/No – Can pass more information, maybe get a richer result • Basic policy is very simple, for wide deployment – 7 ± 2 types of data: contact, location, transaction, ... • Can extend a type with a tree of subtypes that can be ignored – Atomic policy : handler h can/can’t use data type t – Composing policies: and , or , else on sets of atomic policies • Encode complex policy in apps – Treat an app as a handler; the app tags its output suitably

  19. User Experience: Principles • One screen holds most people’s policy – In big type – Drill down to more details, for geeks • Templates (from 3 rd parties) + your exceptions • A reasonable default to protect carefree users – Easy to change default to a 3 rd party template • Biggest area for future work – Only the crudest prototype so far

Recommend

GDPR what is it? A new data protection framework which puts individuals back in control of

GDPR what is it? A new data protection framework which puts individuals back in control of

GDPR what is it? A new data protection framework which puts individuals back in control of their personal data ICO 12 steps to GDPR compliance 7. Consent 1. Awareness 2. Document the personal data you hold 8. Children 3. Communicating

540 views • 28 slides
The importance of personal data protection Personal data are accessed and processed exponentially

The importance of personal data protection Personal data are accessed and processed exponentially

The importance of personal data protection Personal data are accessed and processed exponentially Abuse of personal data exploded Risk of data theft, piracy New Cambridge Analytica scandal almost every week Need to

293 views • 14 slides
Capacity : an Abstract Model of Control over Personal Data Daniel Le Mtayer and Pablo Rauzy

Capacity : an Abstract Model of Control over Personal Data Daniel Le Mtayer and Pablo Rauzy

Capacity : an Abstract Model of Control over Personal Data Daniel Le Mtayer and Pablo Rauzy planete.inrialpes.fr/people/lemetayer danielle-metayer @ inriafr pablo.rauzy.name pablorauzy @ univ-paris8fr 2019-03-18 @ CNRS, Paris

888 views • 40 slides
Personal information and data protection What is personal data? Any information about you that

Personal information and data protection What is personal data? Any information about you that

Personal information and data protection What is personal data? Any information about you that can identify you! This could be: your name, address, date of birth or telephone number; the type of job you do; the things you buy;

585 views • 24 slides
Big Data Personal data Personal (Big) Data Personal Information Economy luk vervenne x

Big Data Personal data Personal (Big) Data Personal Information Economy luk vervenne x

Big Data Personal data Personal (Big) Data Personal Information Economy luk vervenne x Separation of Data and Services Application Application Application BIG APPS Rules Sem Application Rules Sem Application Application Rules Sem

535 views • 15 slides
Becoming A Data Champion the law. John Enser A refresher: Data has rules. 1. You need

Becoming A Data Champion the law. John Enser A refresher: Data has rules. 1. You need

Becoming A Data Champion the law. John Enser A refresher: Data has rules. 1. You need permission to collect Personal Data. 2. You can only use Personal Data for the purposes you collected it . 3. You should only use the minimum Personal

410 views • 21 slides
Data Link Control Protocols Example Protocols ITS323: Introduction to Data Communications

Data Link Control Protocols Example Protocols ITS323: Introduction to Data Communications

ITS323 Data Link Control Data Link Control Flow Control Error Control Data Link Control Protocols Example Protocols ITS323: Introduction to Data Communications Sirindhorn International Institute of Technology Thammasat University Prepared

346 views • 34 slides
Processing of personal data under the insurance contract And its consequences for insurance

Processing of personal data under the insurance contract And its consequences for insurance

Processing of personal data under the insurance contract And its consequences for insurance distribution Maria Ins de Oliveira Martins Processing of personal data Maria Ins Martins - preliminary version Personal data as a protected

259 views • 9 slides
HW/SW Codesign Analysis of Control &amp; Data Flow I ECE 522 Control and Data Edges C programs

HW/SW Codesign Analysis of Control &amp; Data Flow I ECE 522 Control and Data Edges C programs

HW/SW Codesign Analysis of Control &amp; Data Flow I ECE 522 Control and Data Edges C programs (and pseudo-code) are often used as prototypes because they represent high-level descriptions of system behavior However, C is sequential and cannot

572 views • 15 slides
For personal use only ADAM SCULLY GROUP EXECUTIVE SALES AND MARKETING nextdc.com CORPORATE

For personal use only ADAM SCULLY GROUP EXECUTIVE SALES AND MARKETING nextdc.com CORPORATE

For personal use only ADAM SCULLY GROUP EXECUTIVE SALES AND MARKETING nextdc.com CORPORATE DATA CENTRES AND SERVER ROOMS IN AUSTRALIA For personal use only For personal use only For personal use only For personal use only HYBRID IS THE

380 views • 35 slides
Definition of Resilience the capacity to maintain personal control and robust attitudes in the

Definition of Resilience the capacity to maintain personal control and robust attitudes in the

Definition of Resilience the capacity to maintain personal control and robust attitudes in the face of challenging events and behaviours Derek Mowbray 2010, revised 2013 Resilience The ability to mitigate the effects of stress i.e

458 views • 8 slides
Helping Your Children Protect Their Personal Data Online Outline of Presentation Online

Helping Your Children Protect Their Personal Data Online Outline of Presentation Online

Sharing with Parents on Helping Your Children Protect Their Personal Data Online Outline of Presentation Online Trends Online Opportunities and Potential Risks Protecting Personal Data Online MOEs Cyber Wellness

743 views • 25 slides
PERSONAL PERSONAL PREPAREDNESS PREP AREDNESS PERSONAL PERSONAL Know the hazards around

PERSONAL PERSONAL PREPAREDNESS PREP AREDNESS PERSONAL PERSONAL Know the hazards around

5/24/2017 PERSONAL PERSONAL PREPAREDNESS PREP AREDNESS PERSONAL PERSONAL Know the hazards around you PREPAREDNESS PREP AREDNESS Make a plan Stay informed Take action Civil Defense Receiver CAN YOU GUESS WHATS SO SPECIAL

398 views • 7 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Free Flow of Non-Personal Data A proposal for a key Regulation to support the data econom y

Free Flow of Non-Personal Data A proposal for a key Regulation to support the data econom y

Free Flow of Non-Personal Data A proposal for a key Regulation to support the data econom y Pearse ODonohue Director Future Netw orks, DG CONNECT EP I MCO 2 3 January 2 0 1 8 CONTEXT Free m ovem ent of data is essential for the

504 views • 6 slides
Pseudonymisation https://bit.ly/2OyWD2u C edric Lauradoux November 22, 2019 Personal data

Pseudonymisation https://bit.ly/2OyWD2u C edric Lauradoux November 22, 2019 Personal data

Pseudonymisation https://bit.ly/2OyWD2u C edric Lauradoux November 22, 2019 Personal data personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural

814 views • 56 slides
Sharing with Parents on Helping Your Children Protect Their Personal Data Online Outline of

Sharing with Parents on Helping Your Children Protect Their Personal Data Online Outline of

Sharing with Parents on Helping Your Children Protect Their Personal Data Online Outline of Presentation Online Trends Online Opportunities and Potential Risks Protecting Personal Data Online MOEs Cyber Wellness Education

290 views • 27 slides
Speech Processing 11-492/18-492 Spoken Dialog Systems Case-study: Personal Digital Assistants

Speech Processing 11-492/18-492 Spoken Dialog Systems Case-study: Personal Digital Assistants

Speech Processing 11-492/18-492 Spoken Dialog Systems Case-study: Personal Digital Assistants Speech-based Personal Digital Assistant Build a speech enabled PDA Speech in/out for individual use Goals Control schedule Control

725 views • 16 slides
Would You Sell Your Mothers Data? Personal Data Disclosure in a Simulated Credit Card

Would You Sell Your Mothers Data? Personal Data Disclosure in a Simulated Credit Card

Would You Sell Your Mothers Data? Personal Data Disclosure in a Simulated Credit Card Application Miguel Malheiros Sacha Brostoff Charlene Jennett M. Angela Sasse Information Security Research Group, Department of Computer Science, UCL

497 views • 20 slides
Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data

Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data

Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data Protection Act 2012 (PDPA), organisations are required to develop and implement policies and practices that are necessary to meet its obligations under

1.02k views • 24 slides
Discovering Your Familys Past in Military and Early Veterans Administration Personal Data

Discovering Your Familys Past in Military and Early Veterans Administration Personal Data

Discovering Your Familys Past in Military and Early Veterans Administration Personal Data Records and Selective Service Records David Hardin, Stephen A. Smith, Daria Labinsky Military personal data records contain a wealth of information about

827 views • 56 slides
Stage 1: Data Due Diligence / RFP Data Confidential Personal Financial Not confidential

Stage 1: Data Due Diligence / RFP Data Confidential Personal Financial Not confidential

Stage 1: Data Due Diligence / RFP Data Confidential Personal Financial Not confidential Customer Proprietary Stage 2: Implementation Partner Contract Use restrictions Consents &amp; ownership Security Liability

395 views • 6 slides
Ontology Domain (world) = a network of states S4 S3 S6 S2 S1 S 7

Ontology Domain (world) = a network of states S4 S3 S6 S2 S1 S 7

Control In Data In Data Out Functional Core Meta data Out Meta data In Control Out Contextor: a Computational Model for Contextual Information Jolle Coutaz, Gatan Rey CLIPS-IMAG, Universit Joseph Fourier, Grenoble, France James L.

508 views • 17 slides
Control Path Design and Lab 3 1 Separating Control From Data The datapath is where data

Control Path Design and Lab 3 1 Separating Control From Data The datapath is where data

Control Path Design and Lab 3 1 Separating Control From Data The datapath is where data moves from place to place. Computation happens in the datapath No decisions are made here. Things you should find in a datapath Muxes

321 views • 16 slides

More recommend