TRIP Workshop Abstracts
Hamed Haddadi (Queen Mary University of London) – The Value of Privacy and Monetization of Information
Researchers have been working on privacy-preserving profiling, advertising, data mining, and user monitoring systems for a decade now, but we are yet to see a real-world deployment. In this talk I will discuss some of the players in this ecosystem, their strengths and strategies, and the shortcomings of computer science solutions in this space. The talk is based on a number of recent papers and studies.
Session 1: Privacy
Samir Passi (Royal Netherlands Academy of Arts and Sciences, KNAW) – 'Slide to Unlock?' – Mobile convergence and collapsing contexts
This presentation will highlight privacy issues raised by increasing access to social networks made possible by various mobile applications. I will focus on the unintended consequences of the ability of third-party apps to interact not only with the online databases and services of social networks but also with a user's personal data within the mobile device itself. The content of the presentation is based on the review work that I am currently doing for the EINS JRA 5.1.1 deliverable (Analysis of Privacy, Reputation, and Trust in Social Networks) and relates to the disciplines of Science and Technology Studies (STS) and Information and Communication Technology (ICT).
Online social networks – which primarily started out as web services – have now evolved into social platforms that not only serve individual users but also offer developers the means to interact with the platform. Social networks such as Facebook, Foursquare, and Google+ provide programming interfaces that developers can use to build applications that can interface and interact with the platform's data and services. Depending upon the nature of the network, these third-party applications can then generate novel means to catalogue, classify, and correlate information pertaining to the entire user base of multiple social platforms. A famous example is the TweetDeck application that allows its users to simultaneously interact with Facebook and Twitter.
With the widespread diffusion of smartphones and tablets, such ability for novel and large-scale convergence of social information has implications for the sociology of user expectations concerning user information privacy. Through their mobile variants, these applications can scan a user's contacts, messages, mobile photos, and location in addition to information from various social platforms. This sometimes leads to situations where the ability of these apps to 'use' the gathered data has unintended consequences. An oft-cited example of this was 'Girls around me'. Through this app, a person could search around his/her location for nearby girls. The app took public data from Foursquare and coupled it with the public images of girls on Facebook to provide the user with an interactive map displaying a comprehensive visualization of information pertaining to girls around his/her location. Although the app was subsequently taken down, the example clearly depicts how third-party social applications can have consequences for societal notions of privacy and trust by facilitating novel means of large-scale tagging, identifying, and converging not only online information but also the exact locations of mobile users.
An in-depth understanding of public and private contexts in relation to characteristics particular to the mobile medium provides a relevant point of entry to examine such privacy and trust issues. Although Facebook photos and Foursquare check-ins might have separately been made public by certain users, the combination of the two coupled with an exact location on the map is certainly not what these girls explicitly consented to. By identifying and merging particular bits of scattered information, apps such as 'Girls around me' facilitate the collapsing of public and private contexts and pose a substantial threat not only to an individual's privacy and personal security but also to socially acceptable forms of data mining.
Moreover, although such apps can be regulated on standardized app-stores provided by Google or Apple, the ease of working with social and mobile platforms makes it increasingly difficult to manage and govern the intentionality of the large number of mobile apps that are developed each day. Social networks and mobile devices have now become ubiquitous tools that are used by individuals to manage their everyday lives and mobile app development has become a substantial market in itself. In such a scenario, it is imperative to examine the implications of the ability of third-party applications to facilitate the large scale convergence of user information in ways that are quite novel and non-traditional. In a time when 'privacy as contextual integrity' and 'privacy by design' are issues that are featured prominently on the societal agenda, this presentation will provide insights into questions such as what contextual integrity translates to for the increasingly ubiquitous mobile medium or what must we know before we start designing privacy into mobile apps and social platforms?
Rayman Preet Singh, S. Keshav and Tim Brecht (University of Waterloo) – PEDE: A Cloud-Based Personal Execution and Data Hosting Environment
Increasing amounts of data are being generated and collected by, on behalf of, and about individuals.
Some of this data is generated by traditional applications and services like document processors, e-mail, media-sharing services, web browsers, instant messaging, and social networking services. Other emerging sources of data include devices that act as sensors to record data such as smart metering, health-care monitoring, smartphone-based sensing, and monitoring of individuals' banking and shopping activities. Most often, data is collected by service providers who take ownership and full control of the data – thereby risking users' privacy – in exchange for free services. There is a growing discomfort among consumers about relying on the service providers' changing privacy policies, losing data privacy and control, and having to trust these services. This is evident from dissent against leading social networking and media sharing services, and cases of serious user resistance to the installation of smart meters collecting energy consumption data. These concerns are not without warrant, as recent research has demonstrated that such data can be mined to reveal private information about users. For instance, energy consumption data from smart meters can be used to determine occupancy, appliance use, and even the TV channel being watched! Other forms of user data such as messaging, photos, videos, location, health statistics, and spending activities are unarguably private in nature, and their collection by service providers poses new threats to user privacy. However, keeping user data completely private makes it impossible to make data-driven recommendations to users that could benefit them. Our goal is to build an environment that balances data privacy and data analytics.
We propose constructing a framework in which users place their data at a universally accessible location that they own and control individually. A user's data resides in the cloud within her Personal Execution and Data Environment (PEDE), which provides reliable storage for hosting the data and computation to run applications on the data. The use of modern clouds for hosting PEDEs relieves the user of the problems of warehousing the data, its accessibility, computation resources for its processing, and its consolidation from multiple sources, which arise when commodity devices are used for the purpose. Users download applications to their PEDEs, and these applications interface with the user's data and other services a PEDE may offer. Being a PEDE owner, a user can configure applications' access to the data (and services) and can impose her own privacy policies, enabling a privacy-preserving application ecosystem for the data, which remains under her purview at all times. In this ecosystem, third-party developers build applications that process the data, generating meaningful results for the user and enhancing data value, while fully respecting users' data ownership, privacy and control. Much like app stores for mobile devices that have enriched the user experience, such an ecosystem would enable innovation in data processing, which is currently frozen because user data is locked with service providers.
We are studying a cloud-based architecture that uses PEDEs to allow users to provide third parties with fast, consolidated, universal, and privacy-preserving access to their data while retaining complete ownership and control of the data. We build example applications to demonstrate how appliance vendors, energy auditors, and other third parties can develop consumer applications using our platform while preserving consumer privacy. Possible use cases of this platform include: applications performing detailed analysis, tailored to individual users, for quantifying benefits of purchasing energy efficient appliances, and for helping users better understand and control their energy consumption.
Prior work has recognized the problem of data privacy and offered theoretical advances, such as differential privacy and homomorphic encryption. It provides protocols that protect the privacy of the data while enabling computations on that data. Unfortunately, prior work does not describe systems to enable application development and deployment. Our work is unique in that it leverages the rich infrastructure of modern clouds to provide an environment for the implementation of these algorithms.
Yves-Alexandre de Montjoye and Alex "Sandy" Pentland (MIT Media Lab) – Protecting the Privacy of Personal Data through Change of Ownership
Personal data—digital information about users' location, web-searches, and preferences—is undoubtedly the oil of the new economy. However, the same smart algorithms which conveniently advise you on the next movie you should watch or restaurant you should eat at can also infer more than you might want to from seemingly harmless data.
Our contribution is two-fold. First, we argue that as soon as personal data becomes rich enough, it cannot be generically anonymized without severely limiting its uses. Second, we introduce openPDS, a privacy-preserving personal data store. openPDS allows for generic, on-the-fly uses of personal data while protecting user privacy. Such a user-centric model defines a new paradigm for protecting internet privacy.
In this work, we review existing privacy literature and de-anonymization methods with a focus on high-dimensional data and, more particularly, on location data. We argue that there are no privacy-preserving methods that anonymize the data a priori for a broad range of uses. Such limitations make it essential for users to control their personal data. A change of data ownership has thus been proposed by the National Strategy for Trusted Identities in Cyberspace, the Department of Commerce Green Paper, the Office of the President's International Strategy for Cyberspace, and the European Commission's 2012 reform of the data protection rules.
We introduce openPDS, an implementation of this new ownership model through a personal data store owned and controlled by the user. openPDS supports the creation of smart, data-driven applications while protecting the privacy of users' personal data. As openPDS allows third-party applications to be installed, sensitive data processing can take place within a user's PDS through a secure question answering framework. This framework allows the dimensionality of the data to be reduced on a per-need basis before being anonymously shared. Unlike existing methods, such a privacy-preserving scheme does not require access to the whole database. openPDS also engages in privacy-preserving group computation to aggregate data across users. This framework simplifies many of the traditional security problems such as broad query restrictions and abuses, security of cloud storage, or reputation and trust systems. Our initial deployment monitored through smartphones the daily behavior of a set of individuals with diagnosed mental problems and offered a first qualitative evaluation of the system. A large-scale deployment will start in Trento, Italy, in November in partnership with Telecom Italia.
As technologists and scientists, we are convinced that there is an amazing potential in the use of personal data, but also that benefits should be balanced with risks. By reducing the dimensionality of the data on the fly or by anonymously just answering questions, openPDS opens up a new way for individuals to regain control over their privacy, while allowing them to unlock the full value of their data.
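The two personal-data-store designs above, PEDE's owner-configured application access and openPDS's question-answering framework with privacy-preserving group computation, share one pattern, sketched here as an added example that is not code from either project: raw data stays in the store, installed apps may ask only owner-granted low-dimensional questions, and a cross-user total is computed over additively masked answers. The store class, the two questions and the smart-meter readings are all constructed for this illustration.

```python
"""Policy-gated personal data store in the spirit of the PEDE / openPDS abstracts.

Added example, not code from either project. Raw data never leaves the store;
installed apps may only ask pre-declared, low-dimensional questions the owner
has granted, and cross-user aggregates use additive masking so the aggregator
never sees any single user's answer.
"""
import random
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Sequence, Set, Tuple


# Constructed sample input: one week of hourly smart-meter readings in kWh.
# This raw series is the kind of data the abstracts say reveals occupancy and appliance use.
def constructed_readings(seed: int) -> List[float]:
    rng = random.Random(seed)
    return [round(rng.uniform(0.1, 2.5), 3) for _ in range(24 * 7)]


# A question reduces the whole raw series to one number (dimensionality reduction
# "on a per-need basis"). Both questions are hypothetical; a deployment defines its own.
Question = Callable[[Sequence[float]], float]
QUESTIONS: Dict[str, Question] = {
    "weekly_kwh": lambda r: round(sum(r), 3),   # what an energy auditor needs
    "peak_kwh": lambda r: max(r),               # enough to size an efficient appliance
}


class PolicyViolation(Exception):
    """Raised when an app asks a question the owner has not granted it."""


@dataclass
class PersonalDataStore:
    owner: str
    _readings: List[float]                      # kept private: no method returns it
    # owner-configured policy: app name -> set of question names it may ask
    policy: Dict[str, Set[str]] = field(default_factory=dict)

    def grant(self, app: str, question: str) -> None:
        """Owner grants an installed app the right to ask one named question."""
        if question not in QUESTIONS:
            raise KeyError(f"unknown question {question!r}")
        self.policy.setdefault(app, set()).add(question)

    def answer(self, app: str, question: str) -> float:
        """Answer a granted question; the caller never receives the raw readings."""
        if question not in self.policy.get(app, set()):
            raise PolicyViolation(f"{app!r} may not ask {question!r} of {self.owner}")
        return QUESTIONS[question](self._readings)


def pairwise_pads(n: int, rng: random.Random) -> List[float]:
    """Additive masks that sum to zero: for each pair (i, j) participant i adds +r
    and participant j adds -r, so each mask is known only to the pairs it belongs to."""
    pads = [0.0] * n
    for i in range(n):
        for j in range(i + 1, n):
            r = rng.uniform(-1e6, 1e6)
            pads[i] += r
            pads[j] -= r
    return pads


def group_total(stores: Sequence[PersonalDataStore], app: str, question: str,
                seed: int = 0) -> Tuple[float, List[float]]:
    """Privacy-preserving group computation: the aggregator receives only masked
    answers; their sum is the true total while no individual answer is exposed."""
    rng = random.Random(seed)
    pads = pairwise_pads(len(stores), rng)
    masked = [s.answer(app, question) + pad for s, pad in zip(stores, pads)]
    return sum(masked), masked


if __name__ == "__main__":
    users = [PersonalDataStore(f"user{i}", constructed_readings(i)) for i in range(3)]
    for u in users:
        u.grant("auditor", "weekly_kwh")
    total, masked = group_total(users, "auditor", "weekly_kwh")
    print("masked values seen by aggregator:", [round(m, 1) for m in masked])
    print("true weekly total over the group:", round(total, 3))
    try:
        users[0].answer("auditor", "peak_kwh")      # not granted: refused
    except PolicyViolation as err:
        print("blocked:", err)
```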
Bernie Hogan (Oxford Internet Institute) – Everyday Privacy: The complexities of managing audiences on social media
When we consider privacy as a form of boundary maintenance, the notion that social media erodes privacy comes into sharp relief. Rather than focusing on Twitter and Facebook's data retention and distribution policies as forms of privacy safeguards, I consider their very structure and capacity to manage information. To this end, I am less focused on the ultimate security of these platforms, and more on their ability to enable individuals to self-regulate information diffusion.
In this talk I cover this issue by articulating a tension between per-account filtering as conceived through social network analysis and persona-based approaches to maintaining privacy. I assert that per-account filtering is radically inadequate for the management of information. That is, we ought to consider social media spaces as contexts in their own right, rather than places where we cope with the collapsed context of everyday life. This account draws on empirical research, network visualization and sociological theories of impression management and boundaries.
Session 2: Reputation
Dr. Laura Toogood (Digitalis Reputation, London) – Online Reputation Management: A perspective from the industry
The field of Online Reputation Management (ORM) has emerged as an increasingly important component of the digital industry. Over the last couple of years, a select number of specialist firms have been successfully operating in this sector. Through the emergence of a professional field of ORM, it is clear that there is a recognised need for private individuals, corporate organisations and products to manage their online reputation.
The online reputation needs of private clients typically include dealing with crisis situations, general online profile management and constant monitoring of the Internet to help mitigate risk. Individuals typically become frustrated when the search profile for their name is considered an unfair representation or contains negative content. Another key concern is the longevity of third-party generated content which ranks highly for the client's name. Such content can consist of newspaper archives or other commentary that is available to users of search engines. This content is considered to have a more permanent impact on a client's reputation than the print equivalent.
Private clients that engage with ORM are principally apprehensive about their lack of ability to control their profile in the online space. A common requirement relates to securing a presence on the search engine results pages (SERPs), in order to ensure that Internet users view authentic and controlled content as a result of a search query.
Some of the processes of ORM include overseeing individual projects, devising strategy and deploying resources in order to address such client concerns. Various technical strategies enable the manipulation of SERPs in order to ensure a client has the desired online profile when Internet users search for certain keywords. Content that is perceived as positive or neutral by the individual is typically promoted to rank highly in the SERPs, thus demoting negative content.
Some individuals do not want an obvious Internet presence and require some level of anonymity to be implemented. Others desire a strong presence and require advice on utilising personal websites and social media profiles. Clients requiring the latter commonly demonstrate a lack of skill and understanding about using web assets and are nervous about how to portray their persona online.
Therefore, ORM not only addresses the SERPs, but also encompasses social media use, as well as online branding and positioning. Collaborative work takes place between ORM experts, reputation lawyers, publicists, private security firms and PR companies to service the needs of private clients.
ORM is an area of research that fits into the use of social media content as a resource in personal strategies of manipulation and maintenance of online persona. Therefore, the demand for ORM poses some important questions: What causes certain individuals to place value on how they are portrayed in the online space? Is it possible for your physical reputation to be aligned with an online persona and can these become unified and communicated successfully in the digital space?
From an industry viewpoint, I will present some case studies that have been anonymised, along with a number of suggestions for future research. This will illustrate the need for developing a clearer understanding of what drives certain individuals to engage with ORM.
Marco Bani (Scuola Superiore Sant'Anna) – How to build, measure & use 'social reputation' to foster a better democracy: Principles and practices for online trust in e-democracy processes
For several years governments have invested significant resources in the digital management of democratic processes. Furthermore, e-government, with the introduction of ever more collaborative and immersive digital tools such as social media, has moved away from the simple digitalization of document, organizational and decision-making processes within the administration, towards a new model that involves citizens (and communities of citizens) in the co-production and sharing of information, provision of services and participatory policies, which may lead to a reconsideration of e-democracy theories.
These processes require the acquisition and management of a large amount of information, which raises some questions about the protection of individuals and about social control. It is not just a matter of privacy: the new online interactions promoted by social media require greater mutual accountability and a better evaluation of other social aspects such as reputation, trust and acknowledgement.
Trust in institutions has been steadily declining in the Western democracies, and the possibility of developing a real partnership with citizens depends on the degree of transparency and accountability institutions are able to offer. Governments should be more reachable, available and relevant to users, making policy responsive to technological change and fostering a "call to action" for their citizens, giving motivations that will encourage usage of government services through online platforms. These motivations need not be financial; they relate mainly to "social reputation", the true currency of the web.
The value of reputation is not a new concept to the online world: we can see it in e-commerce sites, such as the star ratings on Amazon or the PowerSellers system on eBay, and in online communities, from the smallest to the biggest, such as Wikipedia. People understand that the way they behave online will impact their ability to maintain a presence on those sites as well as to perform all sorts of transactions in the future. In the same way, citizens who help their local community would be recognized for the vital role they play in generating different kinds of wealth for society. "Social currency" enables people to connect and collaborate like never before and to shape a public sphere where innovations occur and anyone can benefit from the adoption of new technologies and ideas. Moreover, in the development of civic actions a very high degree of trust is required between strangers, and democratic stakeholders (governments, citizens and civil society) need to conceive of "social currency" as an accurate and legitimately powerful tool and encourage users not to misuse it, so that digital and social identities truly reflect participation in the democratic process, acknowledging participation according to principles of fairness and equality.
A reliable system of "social reputation" is needed to avoid the high risk of pollution of participatory policies by corporations, lobbyists or people who seek to influence them negatively for their own benefit, who are already present in great numbers in the current digital public sphere. Besides that, the methods and resources used so far for trust in peer policies are fundamentally disorganized. In the past year, a plethora of reputation services have launched to serve as the connective tissue of reputation and trust across the web, but none has emerged as a standard for use in e-government processes. The various reputation systems differ not only in their approaches and implementation, but also in their guiding principles. This uncertainty prompts a number of key questions: is it possible to rank trustworthiness in the digital public sphere for e-democracy processes? Is it possible to use tools and principles already used in web communities to calculate "social reputation"? Is user data from social media useful in increasing trust? Will a single "social reputation" score work across multiple platforms? And what procedures are in place to ensure users' privacy, the accuracy of the rankings, the ability to address mistakes in rankings, and the necessary acknowledgements to reward those who are actively involved in civic engagement?
This paper analyzes innovative practices in the evaluation of "social reputation" to support the participation of citizens (and communities) in a reshaped public sphere, and recommends principles to foster a more active and trustful engagement, on the premise that an accountable social reputation system holds enormous potential for sectors where trust is fractured, such as politics and contemporary democracy.
Session 3: Identity & Trust
Ninia Azzopardi (Oxford Brookes University) – An Exploratory Study on how Customers feel towards the EU Cookie Law, and whether it affects their trust towards a website
Purpose – Past research on internet privacy has observed how consumers are concerned about the privacy of their online information and how easy it is for companies to gather, store and share this information. As e-consumers lack knowledge about cookies, this research focuses on whether the change in the Privacy and Electronic Communications (Amendment) Regulations 2011 (the Cookie Law) will affect e-consumers' trust towards a website, as websites must now obtain consent from users and provide information about the purpose of storing cookies.
Based on past research, it was found that the following six variables affect online trust: Perceived Privacy, Perceived Security, Perceived Risk, Context, Quality and Consumers' Propensity to Trust.
Methodology – The research approach adopted in this dissertation was a qualitative exploratory study which was carried out through fifteen interviews. All respondents were asked how they feel towards the six variables before and after the law was implemented, and about their views towards the Cookie Law.
Findings – The results showed that users perceived the Cookie Law to be positive and a step in the right direction, though they feel that companies fail to ensure compliance with the law. Surprisingly, the findings also showed that most users seem to be unaware of the existence of this law, even though it was enforced to help users control their data.
Karmen Guevara (University of Cambridge) – Identity and Trust: the Foundations for Privacy
Historically, the notion of privacy has evolved in response to technology. New layers of privacy have evolved in response to concerns over the intrusion introduced by new technologies. This creates a powerful dynamic between the social technologies and the inherent need for privacy and restrictions on disclosure which underlie human behaviours. Such motivations contribute to privacy becoming a far more complex construct, due to the underlying socio-cultural and psychological factors.
Identity and trust are fundamental to privacy. Maintenance of privacy is held to be conserved through trust. Our focus is therefore on identity, and trust is considered within this context. An examination of identity is based on the axes around which the formation of identity occurs; its dimensions are at the root of the continuous process of constructing an identity. The dynamic tensions that lie at the core of identity are considered together with their implications for real-life and on-line trust and privacy behaviours.
The new dimensions of identity that are emerging from the interactions with social technologies are giving rise to new trust heuristics and privacy behaviours. These are explored in juxtaposition with the chasm that exists between users in real life and on-line privacy behaviours during this period in which a new layer of privacy is being evolved.
Trust, privacy and disclosure behaviours are drawn from subconscious emotional drives and responses. Therefore, the examination of identity and privacy is framed around the subconscious processes underlying behaviours. The theoretical framework applied is drawn from Psycognition which is based on the theory that behavioural motives originate from the subconscious and therefore are significant because they directly influence individuals' perceptions and conscious behaviors.
A Psycognitive perspective is different from a purely psychological one, in that it takes a holistic socio-cultural systemic perspective of behaviours and the underlying subconscious processes. The Psycognitive approach is drawn from the disciplines of Human Sciences, Integral Theory, Evolutionary Psychology and Holistic Psychotherapy.
The methodology explored here includes the models applied in such an examination, for example, the Organisation of Experience, the Dynamic Feedback Loop and a Psycognitive Layered Architecture.
Conclusions are drawn from the data collected from an aggregation of field studies in which investigations of individuals' core beliefs and behaviours relating to trust, privacy and security were conducted.
Prof. Alessandro Mantelero (Politecnico di Torino) – Competitive Value of Data Protection: the Impact of Data Protection Regulation on Online Behaviour
In many contexts and debates, data protection laws are considered an undue burden on enterprise activities, limiting their business opportunities, reducing their innovation in offering customized services and increasing their operating costs.
Some studies have demonstrated the limits and the lack of empirical evidence of these assumptions. On the one hand, the costs related to data protection are low and in many cases have indirect positive effects on different aspects, especially in terms of increased level of enterprise data security. On the other hand, although some projects find a barrier in data protection rules, in many cases this is due to an inadequate design of the project, focused on technical or business profiles without taking into adequate consideration the aspects concerning the protection of individuals.
At the same time, the increasing demand from individuals to have their privacy respected has generated new privacy-oriented services, increasing competition and innovation. From this perspective, the individual and social attitude towards privacy assumes a significant role in business activities and could become an important element in building trust in service providers. On the other hand, the lack of data protection increases the risks of illegitimate access to information or misuse of personal data, with a potential chilling effect on individuals' propensity to share and communicate personal information.
These needs become more relevant and more keenly perceived in the context of social networks, where service providers are collecting large amounts of data (Big Data) in order to extract predictive information about individuals and social groups. In this sense, the recent EU proposal for a general data protection regulation contains different elements that can reinforce trust in data management. We can identify three main lines in the proposal that have positive effects on trust in data management: reinforced attention to the design of data processing, increased compliance with the legal data protection framework, and reinforcement of users' rights.
Historically, data protection rules attach great importance to the technological aspects of processing information, in order to define adequate procedures that guarantee a high level of protection. In this sense the data protection impact assessment, the privacy by design/by default approach and the preference for minimizing data collection are different solutions suitable for increasing users' trust in the management of their data. At the same time, data portability and a more detailed regulation of the right to be forgotten reinforce the self-determination of the user in social networks. Finally, the uniform approach adopted by the regulation and the different remedies and solutions adopted in order to increase compliance with data protection rules (sanctions, audit, data breach notification, labelling) constitute further elements suitable for reinforcing users' confidence.
Having made this initial assessment of the new EU Proposal for a general data protection regulation, it is important to define and analyse the role of identity management systems in social networks and their impact on profiling. From this perspective, the interaction between government and private sector in the field of authentication systems, the prevention of the risks of social control and the importance to preserve anonymity with regard to the freedom of expression assume particular relevance. An uncertain framework on these different aspects can have a negative impact on users, limiting freedom, self-determination and interaction in social networks.