[LINK] openPDS

Roger Clarke Roger.Clarke at xamax.com.au
Tue Jan 14 17:08:19 AEDT 2014


>>  Perhaps the writers have graduated from an MIT bigdata course :)

At 5:44 +0000 14/1/14, stephen at melbpc.org.au wrote:
>Maybe a little hard on MIT regarding privacy. For instance ...

(1)  That's from the Media Lab, not from the Comp & AI Lab.

(2)  It appears to be a research project, although the info is very
      skimpy, so it may be an aspiration rather than a project

(3)  It's not mentioned as being part of any unit of study

(4)  It has embedded in it the US denial of privacy as a human right,
      and treatment of privacy as though it were a mere economic right

(5)  Although expressed as though it were a consent mechanism (called
      'opt-in' in IS English), it's readily converted by corporations
      into an 'opt-out', and readily subverted into 'take it or leave it'
      i.e. it can be a condition of using a service that a consumer signs
      the rights over to the corporation

The aggregation proposal, on the other hand, does need looking at, to 
see if it actually contains an effective isolation mechanism.

_________________________________________________________________________

>openPDS
>
>Personal Data with Privacy
>
>  http://openpds.media.mit.edu
>
>
>PHILOSOPHY
>
>openPDS allows users to collect, store, and give fine-grained access to
>their data all while protecting their privacy.
>
>With the rise of smartphones and their built-in sensors as well as web-
>apps, an increasing amount of personal data is being silently collected.
>
>Personal data - digital information about users' location, calls, web-
>searches, and preferences - is undoubtedly the oil of the new economy.
>
>However, the lack of access to the data makes it very hard if not
>impossible for an individual to understand and manage the risks associated
>with the collected data.
>
>Therefore, advancements in using and mining this data have to evolve in
>parallel with considerations about ownership and privacy.
>
>Many of the initial and critical steps towards individuals' data ownership
>are technological. Given the huge number of data sources that a user
>interacts with on a daily basis, interoperability is not enough.
>
>Rather, the user needs to actually own a secured space, a Personal Data
>Store (PDS) acting as a centralized location where his data live. Owning a
>PDS would allow the user to view and reason about the data collected.
>
>The user can then truly control the flow of data and manage fine-grained
>authorizations for accessing his data.
>
>OUR VISION
>
>We believe that a New Deal on data is needed. When it comes to data,
>"ownership" should be thought of according to the old English common
>law. Data ownership would therefore be defined as the rights of possession,
>use, and disposal instead of a literal ownership.
>
>CURRENT THINKING
>
>Discussions on such changes and their implications for privacy must also
>take into account the current political and legal context. We developed
>openPDS to be the reference implementation of the policies proposed by the
>National Strategy for Trust Identities in Cyberspace (NSTIC), The
>Department of Commerce Green Paper, and the Office of the President's
>International Strategy for Cyberspace. The openPDS implementation is also
>aligned with the European Commission's 2012 reform of the data protection
>rules. This reform states individuals' right to be forgotten, to have
>easier access to their data, and to be able to easily transfer them.
>
>These recommendations, proposed reforms, and regulations all recognize the
>increasing need for personal data to be under the control of the individual
>as he is the one who can best mitigate associated risks.
>
>RULES
>
>The system rules and participation agreements address the need for
>harmonized business, legal and technical measures to enable distributed and
>interoperable systems such as openPDS.
>
>The latest versions of the documents are available on our GitHub repository,
>where the current research and development on the legal and software code
>is openly available for public access and re-use.
>
>All of our code is open-source and freely available on our GitHub account.
>
>
>PRIVACY RISKS
>
>Protecting the privacy of personal data is known to be a hard problem.
>
>The recent advances in collecting, storing, and processing high-dimensional
>data such as call or credit card records at scale makes it even harder.
>
>The risks associated with these high-dimensional data are often subtle and
>hard to predict and anonymizing them is known to be a challenge.
>
>Geospatial data, the second most recorded information by smartphone apps,
>is probably the best example of the risks and rewards associated with high-
>dimensional data. On the one hand, the number of users of location-aware
>services such as Google Local Search, Foursquare and Glancee is rising
>quickly as they demonstrate the benefits of location-based services to
>users. On the other hand, a recent study showed that 4 spatio-temporal
>points, approximate places and times, are enough to uniquely identify 95%
>of 1.5M people in a mobility database. The study further shows that these
>constraints hold even when the resolution of the dataset is low. Therefore,
>even coarse or blurred datasets provide little anonymity.
>
>ONLY ANSWERS, NO RAW DATA
>
>We strongly believe that it will be extremely difficult to anonymize high-
>dimensional data such as geolocation while retaining the value of the data.
>
>Consequently, openPDS turns the problem on its head using an innovative
>SafeAnswers framework. SafeAnswers allows applications to ask questions
>that will be answered using the user's personal data.
>
>In practice, applications will send code to be run against the data and the
>answer will be sent back to them. openPDS ships code, not data. openPDS
>turns a very hard anonymization problem into an easier security problem.
>
>SafeAnswers uses two separate layers for aggregating the user's data:
>
>(1) sensitive data processing takes place within the user's PDS, allowing
>the dimensionality of the data to be safely reduced on a per-need basis;
>
>(2) data can be anonymously aggregated across users without the need to
>share sensitive data with an intermediate entity, through a privacy-
>preserving group computation method.
>
>With SafeAnswers generic computations on user data are performed in the
>safe environment of the PDS, under the control of the user: the user does
>not have to hand data over to receive a service.
>
>Only the answers, summarized data necessary to the app, leave the
>boundaries of the user's PDS.
>
>Rather than exporting raw accelerometer or GPS data, it could be sufficient
>for an app to know if you're active or which general geographic zone you
>are currently in. Instead of sending raw accelerometer readings or GPS
>coordinates to the app owner's server to process, that computation can be
>done inside the user's PDS by the corresponding Q&A module.
>
>--
>
>Regards,
>Stephen
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University
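As an added illustration of the "ship code, not data" idea in the quoted ONLY ANSWERS, NO RAW DATA section (this is example code written for this note, not openPDS's own implementation, and the data, zone names and schema mechanism are all constructed assumptions): a toy PDS runs an app-supplied question module over the user's raw data and releases the result only if it matches the answer shape the question declared in advance, so a module that tries to hand back the raw fixes is refused.

```python
"""Toy 'ship code, not data' Personal Data Store (constructed example)."""
import math
from typing import Any, Callable

# Constructed sample data held inside the user's PDS: (lat, lon) fixes and
# accelerometer magnitudes in g. Not real data.
PDS_DATA = {
    "gps": [(45.5017, -73.5673), (45.5021, -73.5660), (45.5030, -73.5655)],
    "accel": [0.98, 1.35, 0.71, 1.42, 0.66, 1.30],
}

# Coarse zones an app is allowed to learn about (assumed, not from openPDS).
ZONES = {"downtown", "suburbs", "outside"}

# Each question declares the only shape its answer may take. The PDS checks
# the answer against this schema before anything crosses the PDS boundary.
ANSWER_SCHEMAS = {
    "is_active": lambda a: isinstance(a, bool),
    "zone": lambda a: isinstance(a, str) and a in ZONES,
}

def q_is_active(data: dict) -> bool:
    """App-supplied question: has the user moved recently? (accel variance)"""
    xs = data["accel"]
    mean = sum(xs) / len(xs)
    var = sum((x - mean) ** 2 for x in xs) / len(xs)
    return var > 0.05

def q_zone(data: dict) -> str:
    """App-supplied question: which coarse zone is the latest fix in?"""
    lat, lon = data["gps"][-1]
    # Rough km distance from an assumed city-centre point (45.5017, -73.5673).
    d_km = math.hypot((lat - 45.5017) * 111.0, (lon + 73.5673) * 78.0)
    return "downtown" if d_km < 2 else "suburbs" if d_km < 20 else "outside"

def q_leaky(data: dict):
    """A module that tries to smuggle the raw fixes out; must be blocked."""
    return data["gps"]

def safe_answer(question: str, module: Callable[[dict], Any]) -> Any:
    """Run app code inside the PDS; release only a schema-conforming answer."""
    if question not in ANSWER_SCHEMAS:
        raise PermissionError(f"no schema registered for {question!r}")
    answer = module(PDS_DATA)        # computation happens on the user's side
    if not ANSWER_SCHEMAS[question](answer):
        raise PermissionError(f"answer for {question!r} violates its schema")
    return answer
```

The schema check bounds the shape of a single answer, not the information released over many answers; the quoted 4-spatio-temporal-points result is exactly why repeated coarse answers still need a budget or audit, which is the aggregation question raised above.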


