Privacy Science
Robert Thibadeau, Ph.D.
Director, Internet Systems Laboratory
http://www.internetlab.ri.cmu.edu
Institute for eCommerce, School of Computer Science
Carnegie Mellon University, Pittsburgh, Pennsylvania
Privacy Science, Copyright Robert Thibadeau, CMU, 2001

Slide 1: Examples of Hard Problems
• Negotiating in a Millisecond
  – Default: no negotiation (but is this realistic?)
  – The human mind is not fast enough to make new decisions
  – Persona/Virtual Identities: pre-understood agreements
• Linkability == Inductive Reasoning == we don't know how to do it… (Thresholds?)
• Email as PII
  – 17 year olds – no?
  – 57 year olds – yes?
• Jurisdiction Mixing
  – What is the answer when there is no answer?
  – E.g., a European living in America
  – …Micro-Jurisdiction / Self-Jurisdiction / Personal Info Sphere?
    » Global Identities

Slide 2: Information Privacy
• Technology
• Law
No matter how much you want to, you can't get technology out of privacy or the law out of privacy.

Slide 3: Reasons
• There is no technically perfect solution possible: Thomas Jefferson's notion of public and private.
  – Therefore the Law becomes indispensable.
• Technology (actually the computer) will always surprise you: the Turing Principle.
  – Therefore technology cannot be frozen to a form.
• Technology: you need locks on the doors, stuff to make the laws easy to use, and policing of the laws.
  – This requires technology.

Slide 4: Privacy Server Protocol
http://yuan.ecom.cmu.edu/psp
• Port-based, not (necessarily) HTTP
  – Scope: persistence in time and scoping across modality
• P3P vocabulary (as an excellent starter)
• Negotiated privacy: persona driven
• Bilateral privacy: museums, Universal Studios, Ford have privacy needs too
• Non-repudiable contracts
  – Utilizing ASN.1 / SMPTE 298M / DVBX globally unique contract names without central servers
Slide 5: CMU PERSONA MODEL
[Diagram. Client Browser side: a User Agent holding the personas Amazon Shopper, BN Shopper, Schwab StockPicker, BUY Shopper, DoubleClick User and CMU Shadow. Web Site side: a Server Agent, a store of Privacy Policy Agreements (here Amazon Shopper and DoubleClick User) and the Database System.]

Slide 6: CMU PERSONA MODEL
[Diagram: same components as slide 5; the negotiation runs between the User Agent and the Server Agent.]
Exchange, in order:
  1. I want the Shopping Cart
  2. Need to be a Shopper
  3. I'm an Amazon Shopper
  4. OK, Sign Here
  5. OK, Now you Sign
  6. Done, Come on In!

Slide 7: CMU PERSONA MODEL *ALT
[Diagram: same components; the Web Site's agreements store holds only DoubleClick User when the exchange starts.]
Exchange, in order:
  1. I want the Shopping Cart
  2. Need to be a BN Shopper
  3. What's That?
  4. It's This P3P Policy
  5. Can I be an Amazon Shopper?
  6. OK, Sign Here
  7. OK, Now you Sign
  8. Done, Come on In!

Slide 8: CMU PERSONA MODEL *ALT
[Diagram: same components as slide 5.]
Exchange, in order:
  1. I want the Shopping Cart
  2. Need to be a Shopper
  3. Can I be an Amazon Shopper?
  4. OK, But you need to be DoubleClick User TOO!
  5. OK, Sign Here
  6. OK, Now You Sign
  7. Done, I'm Coming In!
Slide 9: cmu persona
A Persona is a Set of Credentials of which a Proper Subset is distinguished for Authorizing Access To the Remainder of the Set.
Fields:
  Username : <string>
  Password : <string>
  Name : <string>
  Credit Card Number : <string>
  Card Expiration : <string>
  Mailing Address : <string>
  Mothers Name : <string>
  Child Persona : <p-name>
  …
  P3P APPEL : <script>
  Credentials as Other Persona
  Recogniz-er : <script>
  FillerIn-er : <script>
  Communicat-er : <script>
  HowToUse-er : <script>

Slide 10: cmu persona interface
[Diagram. The IE/Netscape plugin (CMU PERSONA PLUGIN) ships as an EMPTY PERSONA with an EDIT OR APPLY ENGINE and Active Persona Storage; it is filled with the actual person in different ways. Persona sources: a REMOTE BASESTATION WEB SERVER on port 80 (a web page activates the persona), My Secure Hard Disk, or My Floppy Disk, each holding personas such as AMAZON SHOPPER and MY OTHER SHOPPER. A THIRD PARTY WEB SERVER on port 80 asks to use the Amazon Shopper persona.]

Slide 11: Technological Organization
David-Olivier Jaquet-Chiffelle, [email protected]
• Anonymity
• Pseudoanonymity
• Unlinkability: Practical / Theoretical
• Unobservability: Conditional / Unconditional

Slide 12: Legal/Technical Organization
'The Law defines its own world'
[Diagram: the same properties (Anonymity, Pseudoanonymity, Unlinkability, Unobservability; Conditional / Unconditional) laid out against a Technical vs. Law axis.]
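The persona definition on slide 9 (a credential set with a proper authorizing subset) and the sign-here / now-you-sign exchange of slides 6 to 8 can be run end to end. The following is an added example, not code from the slides or from the CMU Privacy Server Protocol: the class and field names, the user-side acceptance rule standing in for P3P APPEL, the content-hash contract name (one way to get a globally unique name with no central server; the slides name ASN.1/SMPTE 298M/DVBX instead), and the seeded, unpadded textbook RSA used for signatures are all assumptions, and the personas and site are constructed sample data.

```python
# Added example, not code from the slides or from the CMU Privacy Server Protocol:
# a toy of the persona model (slide 9) and the sign-here / now-you-sign exchange of
# slides 6-8. Names are assumptions; seeded textbook RSA stands in for real signatures.
import hashlib, hmac, json, random

def _probable_prime(n, rng, rounds=16):        # Miller-Rabin, demo strength only
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(seed, bits=512):               # seeded so the demo repeats; never use for real keys
    rng, half = random.Random(seed), bits // 2
    def prime():
        cands = iter(lambda: rng.getrandbits(half) | 1 << (half - 1) | 1, None)  # odd, top bit set
        return next(c for c in cands if _probable_prime(c, rng))
    while True:
        p, q = prime(), prime()
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and phi % e:                 # e is prime, so this is gcd(e, phi) == 1
            return [p * q, e], [p * q, pow(e, -1, phi)]

def _digest(obj):                              # canonical JSON -> SHA-256 as an int (< n)
    return int.from_bytes(hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest(), "big")
def sign(priv, obj):
    return pow(_digest(obj), priv[1], priv[0])
def verify(pub, obj, sig):
    return pow(sig, pub[1], pub[0]) == _digest(obj)

class Persona:
    """A set of credentials; a proper subset (authorizing) unlocks the remainder."""
    def __init__(self, name, credentials, authorizing):
        self.name, self.credentials, self.authorizing = name, dict(credentials), frozenset(authorizing)
        if not self.authorizing < set(self.credentials):
            raise ValueError("authorizing keys must be a proper subset of the persona")

    def unlock(self, presented):
        if not all(hmac.compare_digest(str(presented.get(k)), self.credentials[k])
                   for k in self.authorizing):
            raise PermissionError("authorizing credentials do not match")
        return {k: v for k, v in self.credentials.items() if k not in self.authorizing}

class ServerAgent:
    """Web-site side: states which personas a resource needs, signs first, admits last."""
    def __init__(self, site, requirements, seed):
        self.site, self.requirements = site, requirements
        self.pub, self._priv = rsa_keypair(seed)

    def offer(self, user_pub, resource, personas):  # "OK, Sign Here"
        c = {"site": self.site, "resource": resource, "personas": sorted(personas),
             "server_key": self.pub, "user_key": user_pub}
        c["name"] = hashlib.sha256(json.dumps(c, sort_keys=True).encode()).hexdigest()  # assumed naming: hash, no registry
        return c, sign(self._priv, c)

    def admit(self, c, server_sig, user_sig):       # "Done, Come on In!" only if both signatures hold
        return verify(self.pub, c, server_sig) and verify(c["user_key"], c, user_sig)

class UserAgent:
    """Browser side: holds personas, applies the user's acceptance rule, countersigns."""
    def __init__(self, personas, accept, seed):
        self.personas = {p.name: p for p in personas}
        self.accept = set(accept)                  # APPEL-like rule: personas the user will act as at this site
        self.pub, self._priv = rsa_keypair(seed)

    def choose(self, needed):                      # "I'm an Amazon Shopper", or a refusal
        bad = [n for n in needed if n not in self.personas or n not in self.accept]
        if bad:
            raise PermissionError(f"cannot or will not act as {bad}")
        return list(needed)

    def countersign(self, c, server_sig):          # "OK, Now you Sign": only what the server signed, naming my key
        if c["user_key"] != self.pub or not verify(c["server_key"], c, server_sig):
            raise PermissionError("server signature or user key mismatch")
        return sign(self._priv, c)

def negotiate(ua, sa, resource):                   # the slide 6/8 exchange; raises PermissionError on refusal
    c, ssig = sa.offer(ua.pub, resource, ua.choose(sa.requirements[resource]))  # "Need to be a Shopper"
    usig = ua.countersign(c, ssig)
    if not sa.admit(c, ssig, usig):
        raise PermissionError("signatures do not verify")
    return c, ssig, usig

def demo():                                        # constructed sample data, not from the slides
    amazon = Persona("Amazon Shopper", {"username": "rt", "password": "hunter2",
                     "card": "4111111111111111", "address": "5000 Forbes Ave"}, {"username", "password"})
    dclick = Persona("DoubleClick User", {"cookie": "c0ffee", "profile": "ads"}, {"cookie"})
    ua = UserAgent([amazon, dclick], accept={"Amazon Shopper"}, seed=1)
    sa = ServerAgent("shop.example", {"cart": ["Amazon Shopper"],
                                      "cart_alt": ["Amazon Shopper", "DoubleClick User"]}, seed=2)
    return (ua, sa) + negotiate(ua, sa, "cart")   # "cart" admits; "cart_alt" is refused by the user's rule
```

Two points the slides leave implicit are made concrete here: the user agent only countersigns a contract the server has already signed and that names the user's own key, so neither side can later claim a different deal, and the slide 8 demand to be a DoubleClick User as well is a decision the user's rule makes, not the site (in the sample data it is refused). Unpadded RSA over a plain hash is used only to keep the block self-contained; a deployment would use a padded signature scheme and a hardened prime generator.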