Building Trust in a Tense Information Society, Daniel Weitzner, Director, MIT CSAIL Decentralized Information Group. Keynote held at MIT Startup Exchange (STEX) Cybersecurity Innovation workshop (5/28) at MIT on Thursday May 28, 2015, 8:30 AM to 11:30 AM, at One Main Street, Cambridge, MA, USA.
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Building Trust in a Tense Information Society, Daniel Weitzner, Director, MIT CSAIL Decentralized Information Group.
1. Building Trust in a Tense
Information Society
MIT Startup Exchange – Cybersecurity Innovation
Daniel J. Weitzner
Director, Cybersecurity and Internet Policy Research
Initiative
Massachusetts Institute of Technology
28 May 2015
1
2. Tensions in our Information Society
reduce trust
1. Culture: Normalization of radical transparency
vs trust gap
2. User experience: Increased individual control of
personal data vs. opaque use
3. Political process: Major sector of
economy/society poorly understood
2
4. Privacy built on trust, not fine print
No App Low Med. High
*
*
*
Participants based their decision on:
• Familiarity (i.e. trust) with the app.
• The type of app, in particular what
kinds of information the app already
has already access to.
Frequency of use had no effect;
No App Low Med. High
No App Low Med. High No App Low Med. High
No App Low Med. High
*
No App Low Med. High
Privacy Tipping Points in
Smartphones Privacy
Preferences
F Shih, I Liccardi, D Weitzner –
Proceedings ACM CHI, 2015
5. Normalization of Radical Transparency
Assange
Wall Street
Journal
‘What they
Know”
Manning
Snowden
• Snowden is neither the
first nor the last
• The dramatic response
of Silicon Valley
• Trust will require pro-
active transparency
51. Transparency without trust
6. Trust Challenge
Judge Reggie B. Walton, Chief Judge,
Foreign Intelligence Surveillance Court
“the court lacks the tools to
independently verify how
often the government’s
surveillance breaks the
court’s rules that aim to
protect Americans’ privacy”
• Washington Post, August 15,
2013
61. Transparency without trust
7. Growing Individual Control
7
• Personal health data tied to
individual
• How will this shape privacy
expectations?
2. Control vs opacity
10. New Privacy Priorities: Prevent
Discrimination and Sustain Trust
Discrimination: “The
increasing use of
algorithms to make
eligibility decisions must
be carefully monitored for
potential discriminatory
outcomes for
disadvantaged groups,
even absent
discriminatory intent.“
10
11. Importance of Accountable Systems
“Although the state of the art is
still somewhat ad hoc, and
auditing is often not automated,
so‐called accountable systems
are beginning to be deployed.
The ability to detect violations of
privacy policies, particularly if the
auditing is automated and
continuous, can be used both to
deter privacy violations and to
ensure that violators are
punished. (pp. 42-43)
11
12. A Goal by Analogy: Financial Accounting
12
.
.
.
.
.
General Ledger
Transactions
Assets
…
…
Liabilities
…
…
Net Assets
Owners Equity
Financial
Balance Sheet
Accounting rules
Public
Trust
13. Personal Information Accountability
13
.
.
.
.
.
Personal Information
Transactions
Compliance
• FCRA #
• DAA #
• FISA #
• ECPA #
Non-compliance
• FCRA #
• DAA #
• FISA #
• ECPA #
Total Transactions
Net Accountability
Personal Information
Balance Sheet
Accountable
Systems Reasoning
Public
Trust
14. Detailed Explanation
“[Recipient,] Fred Agenti, is a member of a
Criminal Justice Agency…”
“Inquiry is about Robert B. Guy and is based on a
personally identifying characteristic…”
14Accountable Systems
18. Stop Online Piracy Act: Engineer’s View
• “If enacted, either of these bills will create an environment
of tremendous fear and uncertainty for technological
innovation, and seriously harm the credibility of the United
States in its role as a steward of key Internet
infrastructure. Regardless of recent amendments to
SOPA, both bills will risk fragmenting the Internet's global
domain name system (DNS) and have other capricious
technical consequences. In exchange for this, such
legislation would engender censorship that will
simultaneously be circumvented by deliberate infringers
while hampering innocent parties' right and ability to
communicate and express themselves online.”
• https://www.eff.org/deeplinks/2011/12/internet-inventors-warn-
against-sopa-and-pipa
18
19. MIT Cybersecurity and Internet Policy
Research Initiative
19
Social Science
•Nazli Choucri, Political
Science
•Peter Diamond,
Economics
•Michael Fischer,
Anthropology and
Science , Tecnology &
Society
•Kenneth Oye, Political
Science
•Sherry Turkle, Sociology
and Science ,
Technology & Society
Engineering
• Hal Abelson, EECS
• Tim Berners-Lee, CSAIL
• David Clark, CSAIL
• Munther Dahleh, Institute On
Complex & Socio-Tech.
Systems
• Shafi Goldwasser, EECS
• Frans Kaashoek, EECS
• Nancy Leveson, Aeronautics &
Astronautics
• Silvio Micali, EECS
• Ron Rivest, EECS
• Daniela Rus, CSAIL
• Howie Shrobe, CSAIL
• Gerry Sussman, EECS
• Daniel Weitzner, CSAIL
Management
• Andrew Lo, Sloan
• Stu Madnick, Sloan
Hinweis der Redaktion
How does trust gap effect commerce?
Discuss tensions in our information society and how it shapes our research agenda
Why does trust matter?
Month long intensive study of smart phone users: How does context change amount of information shared?
Major factor - Trusted app/collector: More info shared
Use beneficial to individual: more shared
But, More detail about purpose: less sharing
Therefore – building broad trust in operation of systems is necessary
Second tension – users experience and come to expect more control, ie personal health apps
But large scale analytics tend to undermine trust because of their opacity
Consider traditional credit scoring and new alternative ML-driven scoring from companies like Zest
WH Big Data Privacy recognized risk of discrimination and need to build trust
Accountable systems as a trust-building mechanism
This is our ultimate goal:
Predictable and reliable application of public rules to privacy data (red) producing a summary representation of any given financial entity (green)
This is the basis for trillions of economic activity around the world – we should be aspire to this.
Trust requires understanding of how systems function – just like accountable systems
Fear that SOPA would ‘break the Internet’
Very distinguished group of engineers express concern about destabilizing the DNS – but
no data
no abstract model of the DNS infrastructure from which to predict impact of law
Opinion based on intuition – may well have been right, but it felt awkward.