Towards Socially-Responsible Management of Personal Information in Social Networks BlogTalk Asia, Sept 2009 BlogTalk Asia 2009 Jeju, South Korea Jean-Henry Morin University of Geneva – CUI Dept. of Information Systems [email_address] http://jean-henry.com/

Outline Introduction and Context Motivation and Problem Statement Two Important Problems Proposition for Managed Personal Information Design Overview Conclusion and Discussion

Introduction and Context

Motivation and Problem Statement

Two Important Problems

Proposition for Managed Personal Information

Design Overview

Conclusion and Discussion

Introduction and Context Social Networks and Services

Social Networks and Services

Introduction and Context Personal Information Different from Personally Identifying Information (PII) Subject to legal frameworks in most countries Increasingly shared on social networks Blurring boundaries between private and public life Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.

Personal Information

Different from Personally Identifying Information (PII)

Subject to legal frameworks in most countries

Increasingly shared on social networks

Blurring boundaries between private and public life

Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.

Problems and Issues Publish / share once, publish / share forever Indexing and searching Who “owns” and manages YOUR information (SLAs) ? Raging debates. Who’s information is it ? Do you retain control ? Semantic searching capabilities

Publish / share once, publish / share forever

Indexing and searching

Who “owns” and manages YOUR information (SLAs) ? Raging debates.

Who’s information is it ?

Do you retain control ?

Semantic searching capabilities

The Right to Forget Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable) Traditional Media (i.e., non digital) “Memory” erodes over time Labor and cost intensive Digital Media , requires explicit human intervention to “make forget” information (Rouvroy, 2007)

Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)

Traditional Media (i.e., non digital) “Memory” erodes over time

Labor and cost intensive

Digital Media , requires explicit human intervention to “make forget” information (Rouvroy, 2007)

Anonymity and Privacy Anonymity and Privacy are fundamental to social networking It’s not a “bug”, it’s a feature ! It’s not schizophrenia ! Multiple legitimate personas (e.g., work, family, communities, etc.) How do we deal with it in a socially-responsible and ethically sustainable way ? Cyber bullying (e.g., Akple in Korea) Requires traceability and accountability of information (i.e., managed information)

Anonymity and Privacy are fundamental to social networking

It’s not a “bug”, it’s a feature !

It’s not schizophrenia !

Multiple legitimate personas (e.g., work, family, communities, etc.)

How do we deal with it in a socially-responsible and ethically sustainable way ?

Cyber bullying (e.g., Akple in Korea)

Requires traceability and accountability of information (i.e., managed information)

Key Question Is Privacy and personal information threatened by current social networking services ? We contend there is a need for Managed Personal Information Socially-responsible and sustainable How can we retain an acceptable (by all) level of control over our personal information ?

Is Privacy and personal information threatened by current social networking services ?

We contend there is a need for Managed Personal Information

Socially-responsible and sustainable

How can we retain an acceptable (by all) level of control over our personal information ?

Proposition Personal Information should be augmented with a layer accounting for its management Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services

Personal Information should be augmented with a layer accounting for its management

Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services

Moving forward: Design Overview DRM Highly controversial but a necessary evil likely to stay Exception Management An accountable approach to deal with the lack of flexibility of DRM A socially-responsible (yet economically viable) alternative to the deceptive approaches of current DRM systems

DRM

Highly controversial but a necessary evil likely to stay

Exception Management

An accountable approach to deal with the lack of flexibility of DRM

A socially-responsible (yet economically viable) alternative to the deceptive approaches of current DRM systems

Digital Rights Management (DRM) What is DRM ? Technology allowing to cryptographically associate usage rules to digital content Rules govern the usage of content Content is persistently protected wherever it resides Examples : Recipients of an email cannot FORWARD, PRINT, COPY the email A document EXPIRES on September 16, 2009 and can only be accessed, in READ ONLY , by BlogTalk and Lift Asia attendees CEO delegates to CCO the right to also manage policies provided an audit trace is logged, etc. Where is it used ? Initially fueled by the Media & Entertainment Since 2003 : Enterprise sector fueled by corporate scandals (Enron, etc.), compliance issues, regulatory frameworks, etc. Software and gaming industries

What is DRM ?

Technology allowing to cryptographically associate usage rules to digital content

Rules govern the usage of content

Content is persistently protected wherever it resides

Examples :

Recipients of an email cannot FORWARD, PRINT, COPY the email

A document EXPIRES on September 16, 2009 and can only be accessed, in READ ONLY , by BlogTalk and Lift Asia attendees

CEO delegates to CCO the right to also manage policies provided an audit trace is logged, etc.

Where is it used ?

Initially fueled by the Media & Entertainment

Since 2003 : Enterprise sector fueled by corporate scandals (Enron, etc.), compliance issues, regulatory frameworks, etc.

Software and gaming industries

Rethinking & Redesigning DRM: Exception Management Acknowledge the Central role of the User and User Experience Reinstate Users in their roles & rights Presumption of innocence & the burden of proof Fundamental guiding principle : Feltens’ “ Copyright Balance ” principle (Felten, 2005) “ Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”

Acknowledge the Central role of the User and User Experience

Reinstate Users in their roles & rights

Presumption of innocence & the burden of proof

Fundamental guiding principle : Feltens’ “ Copyright Balance ” principle (Felten, 2005)

“ Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”

Rethinking & Redesigning DRM (cont.) Exception Management in DRM environments, mixing water with fire ? Reversing the distrust assumption puts the user “ in charge ”, facing his responsibilities Allow users to make Exception Claims , granting them Short Lived Licenses based on some form of logging and monitoring Use Credentials as tokens for logging to detect and monitor abuses Credential are Revocable in order to deal with abuse and misuse situations Mutually acknowledged need for managed content while allowing all actors a smooth usability experience

Exception Management in DRM environments, mixing water with fire ?

Reversing the distrust assumption puts the user “ in charge ”, facing his responsibilities

Allow users to make Exception Claims , granting them Short Lived Licenses based on some form of logging and monitoring

Use Credentials as tokens for logging to detect and monitor abuses

Credential are Revocable in order to deal with abuse and misuse situations

Mutually acknowledged need for managed content while allowing all actors a smooth usability experience

Putting the pieces together Augmenting information with usage rights appears to be a promising path towards : Socially-Responsible management of personal information in social networks and services Enabling Exception Management may offer the much needed flexibility lacking in traditional rights management environments Much work remains to be done

Augmenting information with usage rights appears to be a promising path towards :

Socially-Responsible management of personal information in social networks and services

Enabling Exception Management may offer the much needed flexibility lacking in traditional rights management environments

Much work remains to be done

Conclusion Call for Action ! We need to innovate Co-creation of value: Requires a transdisciplinary approach (law, business, sociology, ethics, engineering, design, etc.) Involving all the stakeholders Engineering is “easy”, getting it “right” in a mutual socially responsible way is hard but a great societal challenge

Call for Action ! We need to innovate

Co-creation of value:

Requires a transdisciplinary approach (law, business, sociology, ethics, engineering, design, etc.)

Involving all the stakeholders

Engineering is “easy”, getting it “right” in a mutual socially responsible way is hard but a great societal challenge

Questions - Discussion 귀하의 관심에 감사드립니다 Thank you Jean-Henry Morin University of Geneva – CUI Dept. of Information Systems [email_address] http://jean-henry.com/

귀하의 관심에 감사드립니다

Thank you