Digital Responsibility: towards a new world order ?


Published on

Our digital society has undergone profound transformations in the way we work, learn, live and participate. Having transformed our world into a great co-creation Wiki challenges many assumptions and models that need to be revisited. Based on several examples in the area of security drawn from the industry and our research, we argue there is an emerging notion of Digital Responsibility paving the way to further significant societal changes. A new world order or incremental changes ? One thing is sure, ICT has and will continue to challenge our historical assumptions requiring major mindset changes and more transparency.

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Digital Responsibility: towards a new world order ?

  1. 1. Digital Responsibility:Towards a New World Order ? National Information Society Agency Seoul, South Korea Prof. Jean-Henry Morin University of Geneva – HEC Institute of Services Science Seoul, November 9, 2011
  2. 2. Outline•  Intro & Context•  Example #1 : Trust in the Digital Age •  1 Paradox •  3 situations •  Enterprise & Corporate Sector •  Entertainment & Media •  Cloud Computing •  1 Discussion•  Example #2 : Personal Information in the Digital Age•  Discussion and Open IssuesJ.-H. Morin
  3. 3. Context
  4. 4. Smart Society (NIA 2011)   Beyond Web 2.0   Core Values for a Sustainable Future:   Openness   Sharing   Cooperation Are we ready for this ? Ludwig GatzkeJ.-H. Morin
  5. 5. Example #1Trust in the Digital Age
  6. 6. A Paradox We talk about Trust and Trusted Computing in the digital age… …but everything relies on a distrust assumption J.-H. Morin
  7. 7. Situation #1Enterprise & Corporate Sector
  8. 8. Who has NEVER « worked around » security policies to legitimately complete work that systems Prevented from doing ?J.-H. Morin
  9. 9. 53 % !!!J.-H. Morin
  10. 10. Enterprise & Corporate Sector: Corporate Security Policies •  53% admit circumventing corporate security policies to get the work done (EMC RSA Security, 2008) •  Among the most cited reasons justifying circumventing corporate security policies (Cisco, 2008) a)  Doesn’t correspond to the operational reality nor to what is required to get the work done b)  Need to access applications not belonging to or authorized by corporate IT policies to work •  Consequences: increase in risks and costs •  Requires « creativity » to get the job done ! •  Increased stress due to unauthorized actions •  Inefficiencies •  Untraceable transgressions / violationsJ.-H. Morin
  11. 11. Situation #2Entertainment & Media
  12. 12. New Media Warrants New Thinking © Chappatte in "Le Temps" (Geneva), Jan 21, 2006J.-H. Morin
  13. 13. How did we get here… … a dystopian scenario ? J.-H. Morin
  14. 14. Some Popular Misconceptions •  Information Wants to be “free” •  DRM is Evil : “Digital Restriction Management” (FSF, EFF, etc.) •  Users are Criminals : 12 year old girl sued by RIAA •  P2P is “bad” : File Sharing & Downloading is a Crime Etc.J.-H. Morin
  15. 15. Remix & © Ted Talks, Mars 2007 Larry Lessig: How creativity is being strangled by the law Music VS dancing toddlerFair Use ?
  16. 16. RIAA Scum BirdJ.-H. Morin
  17. 17. Extremism •  Larry Lessig Speech at Italian Parliament: Internet is Freedom 2 M iPads sold in 60 days !!! J.-H. Morin
  18. 18. The Legal haystack!Three Strikes Graduated Response French HADOPI Three-Strikes Graduated Response invites itself to the land of Shakespeare J.-H. Morin
  19. 19. Doomed initiatives ! •  Fundamental Rights: •  Internet access has been recognized as a fundamental right, EU Parliament massively rejects three strikes graduated responses (481 votes against 25, in 2010) •  Technically inapplicable: •  Deep Packet Inspection and false positives •  Legally inapplicable: •  Territorial nature of such laws VS global media •  ACTAJ.-H. Morin
  20. 20. Entertainment & Media •  Consequences : •  Criminalizing ordinary people (no impact on organized crime) •  Loss of hard fought rights ! (Fair Use, private copy, etc.) •  Presumption of guiltiness ! (onus probandi ?) •  Internet access is increasingly recognized as a fundamental right (EU parliament) •  Exclusion, Inapplicability technical and legal •  Etc.J.-H. Morin
  21. 21. Situation #3Cloud Computing
  22. 22. Cloud Computing•  The World is Changing: PaaS, IaaS, SaaS Etc.J.-H. Morin
  23. 23. Cloud Computing•  So are customersJ.-H. Morin Etc.
  24. 24. DiscussionWhat do these 3 situations teach us about Trust in the digital age ?
  25. 25. Discussion•  Situations 1 et 2 : •  Enterprise and Corporate •  Entertainment and Media Rely on an fundamental assumption: « Distrust » Time for a mindset change ?J.-H. Morin
  26. 26. Security is bypassed not attacked Inspired by Adi Shamir, Turing Award lecture, 2002!J.-H. Morin
  27. 27. The Human Factor IMG: J. AndersonJ.-H. Morin
  28. 28. Discussion•  Situation 3 •  Cloud : There’s Hope! Is it an Emerging sign of « Trust » ?J.-H. Morin
  29. 29. People will dominate your future Information Security !"#$%&()$%*&%+,&*)-.(/*,%0$1)/(2%/3%4/,5% .,6%&7&&28 Debi Ashenden UK Defence Academy!" David Lacey, Managing the human factor in information security, John Wiley & Sons, 2009 J.-H. Morin
  30. 30. Discussion•  Is it enough ? Most likely Not !•  We need to put Trust back to where it belongs : People ! •  Not in « computational » terms •  Reinstate people in their Roles, Rights and Obligations Digital ResponsibilityJ.-H. Morin
  31. 31. Can we fix “it” ? •  Assuming : •  Security is needed (managed content) •  Total Security is neither realistic nor desirable •  Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes) •  Most users aren’t criminals •  We need to take a step back to : •  Critically re-think “it” •  Reconsider the debate outside the either/or extremes of total vs. no security •  Re-design “it” from ground upJ.-H. Morin
  32. 32. Rethinking & Redesigning DRM•  Acknowledge the Central role of the User and User Experience •  Reinstate Users in their roles & rights •  Presumption of innocence & the burden of proof•  Fundamental guiding principle to Rethink and Redesign DRM : Feltens’ “Copyright Balance” principle (Felten, 2005) “Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”•  Claim and Proposition : •  Put the trust back into the hands of the users •  Reverse the distrust assumption •  Requires a major paradigm shift J.-H. Morin
  33. 33. Rethinking & Redesigning DRM (cont.)•  Exception Management in DRM environments, mixing water with fire ? Not necessarily ! •  Reversing the distrust assumption puts the user “in charge”, facing his responsibilities •  Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring •  Use Credentials as tokens for logging to detect and monitor abuses •  Credential are Revocable in order to deal with abuse and misuse situations •  Mutually acknowledged need for managed content while allowing all actors a smooth usability experience (Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)J.-H. Morin
  34. 34. Technology TransferPartnership with •  June 2011, Integration of the Exception Management model as « Provisional Licensing » 34J.-H. Morin
  35. 35. Example #2Personal Information Management in Social Networks
  36. 36. “The Digital Human” Digital Crumbs Source : Morin
  37. 37. Personal Information Serious Games • Morin
  38. 38. A “Serious” problem in Social Networks and Services Socially-Responsible Management of Personal Information •  Personal Information •  Different from Personally Identifying Information (PII) •  Subject to legal frameworks in most countries •  Increasingly shared on social networks •  Blurring boundaries between private and public life Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.J.-H. Morin
  39. 39. Privacy Made in Google Morin
  40. 40. Problems and Issues •  Publish / share once, publish / share forever • Indexing and searching •  Who “owns” and manages YOUR information (SLAs) ? Raging debates. • Who’s information is it ? • Do you retain control ? •  Semantic searching capabilitiesJ.-H. Morin
  41. 41. The Right to Forget •  Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable) •  Traditional Media (i.e., non digital) “Memory” erodes over time • Labor and cost intensive •  Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007)J.-H. Morin
  42. 42. France : Legal Approach (again!) •  French Minister of Forward Planning and Development of the Digital Economy •  Public consultation on the issue… … towards a law on digital forgetfulness… Finally a “best practice” agreementJ.-H. Morin
  43. 43. Anonymity and Privacy •  Anonymity and Privacy are fundamental to social networking • It’s not a “bug”, it’s a feature ! • It’s not schizophrenia ! •  Multiple legitimate personas (e.g., work, family, communities, etc.) • How do we deal with it in a socially- responsible and ethically sustainable way ? •  Cyber bullying (e.g., Akple in Korea) Requires traceability and accountability of information (i.e., managed information)J.-H. Morin
  44. 44. Key Question •  Is Privacy and personal information threatened by current social networking services ? •  We contend there is a need for Managed Personal Information • Socially-responsible and sustainable How can we retain an acceptable (by all) level of control over our personal information ?J.-H. Morin
  45. 45. Proposition (Morin, 2010) •  Personal Information should be augmented with a layer accounting for its management •  Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services •  We argue DRM combined with Exception Management may be a promising path towards : • Socially-Responsible management of personal information in social networks and servicesJ.-H. Morin
  46. 46. From Identity to Personal Information J.-H. Morin
  47. 47. Argument & Discussion •  What do these Examples tell us ? •  Emerging notion of “ Informed Trust and Accountability ” : Digital Responsibility •  Cost : Major mindset change + transparencyJ.-H. Morin
  48. 48. To Summarize •  Web 2.0 has reshuffled the powers •  eParticipation is here to stay •  Change is happening (not something ahead of us) •  Many problems have become global by nature (thus usual institutions approaches and remedies are obsolete) •  Responsibility is emerging as a basis for sustainable digital societal evolution •  Digital Literacy is KEY in shaping the future of our now digital lives Join the conversation...J.-H. Morin
  49. 49. Designing the Smart Society Technology is a means serving practices and society. Being able to assess and evaluate the risks as well as the opportunities is key in enabling a responsible and sustainable participative, service oriented society. In the XXI century, Digital Literacy, Critical Thinking and Participation are key elements to Design and shape the Future of our Smart societyJ.-H. Morin
  50. 50. … Q & A Contacts:@jhmorin Prof. Jean-Henry Morin University of Geneva – CUI Institute of Services Science Jean-Henry.Morin@unige.ch