BlogTalk Asia 2009
Jeju, South Korea



                                 Jean-Henry Morin
                       University of Geneva – CUI
                      Dept. of Information Systems

                      Jean-Henry.Morin@unige.ch
                            http://jean-henry.com/
 BlogTalk Asia, Sept 2009
Outline

        •  Introduction and Context

        •  Motivation and Problem Statement

        •  Two Important Problems

        •  Proposition for Managed Personal Information

        •  Design Overview

        •  Conclusion and Discussion
J.-H. Morin
Introduction and Context

        •  Social Networks and Services




Introduction and Context

        •  Personal Information

              •  Different from Personally Identifying Information
               (PII)
                 •  Subject to legal frameworks in most countries

              •  Increasingly shared on social networks
                 •  Blurring boundaries between private and public life


      Legitimate concern (i.e., rights) over our
      information in terms of lifetime, usage
      purposes, access, etc.
Problems and Issues

        •  Publish / share once, publish / share
              forever
              • Indexing and searching

        •  Who “owns” and manages YOUR
              information (SLAs) ? Raging debates.
              • Whose information is it ?
              • Do you retain control ?

        •  Semantic searching capabilities

The Right to Forget

        •  Right to Forget : fundamental
              human right threatened by the digital
              nature of information (i.e., searchable)

        •  Traditional Media (i.e., non digital)
              “Memory” erodes over time
               • Labor and cost intensive

        •  Digital Media requires explicit human
              intervention to “make forget” information
              (Rouvroy, 2007)

Anonymity and Privacy

        •  Anonymity and Privacy are fundamental
              to social networking
              • It’s not a “bug”, it’s a feature !
              • It’s not schizophrenia !
                 •  Multiple legitimate personas (e.g., work, family,
                   communities, etc.)
              • How do we deal with it in a socially-responsible
                and ethically sustainable way ?
                 •  Cyber bullying (e.g., Akple in Korea)


        Requires traceability and accountability of
         information (i.e., managed information)
Key Question

        •  Are privacy and personal information
              threatened by current social
              networking services ?

        •  We contend there is a need for
              Managed Personal Information
              • Socially-responsible and sustainable

 How can we retain an acceptable (by all) level of
   control over our personal information ?


Proposition

        •  Personal Information should be
              augmented with a layer accounting for
              its management
        •  Alongside other metadata increasingly
              used in addressing the semantic
              dimension of our electronic services




Moving forward: Design Overview

        •  DRM
              • Highly controversial but a necessary evil
               likely to stay

        •  Exception Management
              • An accountable approach to deal with the
                lack of flexibility of DRM
              • A socially-responsible (yet economically
                viable) alternative to the deceptive
                approaches of current DRM systems


Digital Rights Management (DRM)
 •    What is DRM ?
        •     Technology that cryptographically associates usage rules
              with digital content
        •     Rules govern the usage of content
        •     Content is persistently protected wherever it resides
 •    Examples :
        •     Recipients of an email cannot FORWARD, PRINT, COPY the
              email
        •     A document EXPIRES on September 16, 2009 and can only be
              accessed, in READ ONLY, by BlogTalk and Lift Asia attendees
        •     CEO delegates to CCO the right to also manage policies
              provided an audit trace is logged, etc.
 •    Where is it used ?
        •     Initially fueled by the Media & Entertainment
        •     Since 2003 : Enterprise sector fueled by corporate scandals
              (Enron, etc.), compliance issues, regulatory frameworks, etc.
        •     Software and gaming industries
Rethinking & Redesigning DRM: Exception Management
•  Acknowledge the Central role of the User and User
   Experience
    •  Reinstate Users in their roles & rights
    •  Presumption of innocence & the burden of proof


•  Fundamental guiding principle : Felten’s “Copyright
   Balance” principle (Felten, 2005)
         “Since lawful use, including fair use, of copyrighted works is in the
          public interest, a user wishing to make lawful use of copyrighted
          material should not be prevented from doing so by any DRM
          system.”




Rethinking & Redesigning DRM (cont.)
•  Exception Management in DRM environments, mixing
   water with fire ?
    •  Reversing the distrust assumption puts the user “in
       charge”, facing his responsibilities
    •  Allow users to make Exception Claims, granting them
       Short Lived Licenses based on some form of logging and
       monitoring
    •  Use Credentials as tokens for logging to detect and
       monitor abuses
    •  Credentials are Revocable in order to deal with abuse and
       misuse situations
    •  Mutually acknowledged need for managed content while
       allowing all actors a smooth usability experience
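
The DRM and Exception Management slides above, sketched as an added example (not code from the talk or from any system the author built): usage rules are bound to an item with an HMAC, an exception claim yields a short-lived license, every decision is logged against a credential, and credentials can be revoked. The names `seal`, `Enforcer`, the rule fields, the integer clock and the demo key are all assumptions made for illustration.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; stands in for a managed key

def _tag(content, rules):
    blob = json.dumps(rules, sort_keys=True).encode()
    msg = hashlib.sha256(content).digest() + blob
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def seal(content, rules):
    """Cryptographically bind usage rules to a piece of personal information."""
    return {"content": content, "rules": rules, "tag": _tag(content, rules)}

class Enforcer:
    def __init__(self):
        self.audit = []       # (time, credential, action, decision)
        self.revoked = set()  # revoked credential ids
        self.licenses = {}    # (credential, action) -> license expiry time

    def _log(self, now, cred, action, decision):
        self.audit.append((now, cred, action, decision))
        return decision

    def claim_exception(self, cred, action, reason, now, ttl=300):
        """Grant a short-lived license for a claimed exception; always logged."""
        if cred in self.revoked:
            return self._log(now, cred, action, "claim-denied:revoked")
        self.licenses[(cred, action)] = now + ttl
        return self._log(now, cred, action, "claim-granted:" + reason)

    def revoke(self, cred, now):
        """Revoke a credential after abuse; its outstanding licenses die too."""
        self.revoked.add(cred)
        self.licenses = {k: v for k, v in self.licenses.items() if k[0] != cred}
        return self._log(now, cred, "*", "revoked")

    def check(self, item, cred, group, action, now):
        rules = item["rules"]
        if not hmac.compare_digest(_tag(item["content"], rules), item["tag"]):
            return self._log(now, cred, action, "deny:tampered")
        # Assumption: expiry and revocation are absolute, exceptions cannot override.
        if cred in self.revoked or now >= rules["expires"]:
            return self._log(now, cred, action, "deny")
        if group in rules["audience"] and action in rules["allow"]:
            return self._log(now, cred, action, "allow")
        if self.licenses.get((cred, action), 0) > now:
            return self._log(now, cred, action, "allow:exception")
        return self._log(now, cred, action, "deny")
```

The audit list is what makes the exception accountable: a granted claim and each use of it are recorded under the claimant's credential, which is the handle used for later revocation.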

Putting the pieces together

        •  Augmenting information with usage
              rights appears to be a promising path
              towards :
              • Socially-Responsible management of
                personal information in social networks
                and services
        •  Enabling Exception Management may
              offer the much needed flexibility
              lacking in traditional rights
              management environments
        •  Much work remains to be done

Conclusion

        •  Call for Action ! We need to innovate

        •  Co-creation of value:
               • Requires a transdisciplinary approach
                 (law, business, sociology, ethics,
                 engineering, design, etc.)
               • Involving all the stakeholders

        •  Engineering is “easy”, getting it “right” in a
              mutually socially-responsible way is hard but a
              great societal challenge

Questions - Discussion




                Thank you



Towards Socially-Responsible Management of Personal Information in Social Networks
