From P3P to Data Licensing
Cha, Shi-Cho (查士朝) and Joung, Yuh-zer (莊裕澤)
Dept. of Information Management, National Taiwan University, Taipei, Taiwan
[email protected], [email protected] (ccms.ntu.edu.tw)
Outline
- Introduction
- Concept and benefits of Online Personal Data Licensing (OPDL)
- Demonstrations of OPDL
- Conclusions
Introduction
- Personal data are widely used for different purposes. Some uses are good for people, but personal data can also be abused, e.g. for unsolicited commercial e-mail or credit card fraud.
- Many countries have enacted laws to protect personal data.
Introduction (Cont’d)
- The consent principle: there are different kinds of consent. Written consent provides the strongest power of evidence.
- In cyberspace, for the sake of efficiency, passive consent is usually allowed and adopted: a Web site only discloses its practices regarding personal data.
An Example of the Problem With Passive Consent
(Figure: a time line on which the site's Policy 1, "We do not collect personal data", is followed by Policy 2, "We collect click-streams".)
It is hard for the person to prove that he does not know Privacy Policy 2!
Framework of Online Personal Data Licensing (OPDL)
- To concretize people's consent by letting users issue licenses for collecting and using their data.
- Application and service providers must obtain a license from a person before collecting, processing and using that person's personal data.
Benefits of Using Licenses
- Licenses can be shown while some personal data are used.
(Figure: a service provider presents its license to a gatekeeper.)
Benefits of Using Licenses (Cont’d)
- Licenses can be used in auditing processes to prevent data misuse.
(Figure: a data management process in which a license auditing module and the data processor handle the incoming data.)
Benefits of Using Licenses (Cont’d)
- Licenses can be used as evidence to prove that a site has misused a person's data.
(Figure: 1. the person suspects misuse; 2. makes a complaint to governments or third-party organizations; 3. who request the service provider to show the license; 4. and adopt appropriate remedies to stop the misuse.)
More Benefits of OPDL
- Permission to collect or use a person's data is determined and given by the person himself/herself. This also makes users think, when they set their preferences, about the damage caused if licensed data are misused.
- People can obtain clearer information about who holds their personal data.
Demonstrations of OPDL
(Figure: the three parties are the Data Subject, the Personal Data Licenser and the Personal Data Collector or Processor.)
- Step 1. Request a license through Licensing Proposals
- Step 2. Proposal processing
- Step 3. Notification
- Step 4. Response
- Step 5. Licenses
Licensing Proposal
- The Licensing Proposal of OPDL is based on the P3P privacy policy.
- The main modification is adding security considerations to a proposal: the security policy, a risk assessment and the controls against the risks can be provided.
- The requester can be certified by a certification organization (e.g., based on BS 7799 / ISO 17799).
- A TCSEC-like tag can be used.
Example Licensing Proposal
<?xml version="1.0" encoding="UTF-8" ?>
<PROPOSAL ID="f3eb4bc166">
  <POLICY name="Test Proposal" discuri="http://exampleshop/privacypolicy.html">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
    <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html">
      <POLICY-TAG><MANDATORY /></POLICY-TAG>
    </SECURITY-POLICY>
    <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><pseudo-analysis></pseudo-analysis></PURPOSE>
      <RETENTION><indefinitely></indefinitely></RETENTION>
      <DATA-GROUP><DATA ref="#user.name.nickname"></DATA></DATA-GROUP>
    </STATEMENT>
  </POLICY>
  <SIGNATURE algorithm="DSA">MCwCFEC6jCCVmJoU/MNVLgkbOSHxTO8QAhRld6MRdFpi9MvtzD/f91U1aNC81g==</SIGNATURE>
</PROPOSAL>
The information about the requester of the proposal:
  <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
The requester's security policy:
  <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html"><POLICY-TAG><MANDATORY /></POLICY-TAG></SECURITY-POLICY>
Which organization certifies the requester:
  <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP>
Data requested:
  <STATEMENT><PURPOSE><pseudo-analysis></pseudo-analysis></PURPOSE><RETENTION><indefinitely></indefinitely></RETENTION><DATA-GROUP><DATA ref="#user.name.nickname"></DATA></DATA-GROUP></STATEMENT>
Proposal Processing
- The PDL processes a proposal based on the data subject's preferences.
- The preferences are based on APPEL. Each preference rule contains the following components:
  - The action taken when the rule matches
  - The rule's target:
    - what data the rule applies to
    - to whom the rule applies
    - the certification requirement
    - the security level requirement
    - the purpose constraints
    - the retention policy constraints
Flow Chart of Proposal Processing
(Figure: flow chart of the PDL's decision; its nodes are listed below.)
- Receive a Licensing Proposal P
- Set StatusP = accept, MeetRule = FALSE
- More rule Ri in the user's preference rule set?
- Get Ri from the user's preference rule set
- Ri matches P?
- Set MeetRule = TRUE
- The behavior value of Ri is block?
- The prompt value of Ri is yes?
- Set StatusP = notify
- Inform the user
- Reject P without notification
- StatusP = accept?
- MeetRule = TRUE?
- Accept P without notification
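An added worked example (my code, not the authors' PDL implementation) of the proposal processing step: it parses a proposal in the format shown above and evaluates APPEL-style preference rules built from the components the deck lists. The rule field names, the "or" matching of set-valued conditions and the decision order (the first matching rule decides, block rejects, request accepts, prompt informs the user, no match accepts silently) are my reading of the flow chart and are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed licensing proposal, modelled on the deck's example (hosts are placeholders).
PROPOSAL = """<PROPOSAL ID="f3eb4bc166"><POLICY name="Test Proposal" discuri="http://exampleshop/privacypolicy.html">
<ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
<SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html"
 controls="http://exampleshop/controls.html"><POLICY-TAG><MANDATORY /></POLICY-TAG></SECURITY-POLICY>
<DISPUTES-GROUP><DISPUTES service="Trust Certification Organization" /></DISPUTES-GROUP>
<STATEMENT><PURPOSE><pseudo-analysis /></PURPOSE><RETENTION><indefinitely /></RETENTION>
<DATA-GROUP><DATA ref="#user.name.nickname" /></DATA-GROUP></STATEMENT></POLICY></PROPOSAL>"""

def summarize(proposal_xml):
    """Extract the proposal fields a preference rule can test."""
    pol = ET.fromstring(proposal_xml).find("POLICY")
    stmt = pol.find("STATEMENT")
    return {
        "entity": pol.findtext("ENTITY/DATA-GROUP/DATA"),                    # who is asking
        "certified": [d.get("service") for d in pol.iter("DISPUTES")],         # certifying organisation(s)
        "security": [t.tag for t in pol.find("SECURITY-POLICY/POLICY-TAG")],   # TCSEC-like tag
        "purposes": [p.tag for p in stmt.find("PURPOSE")],
        "retention": [r.tag for r in stmt.find("RETENTION")],
        "data": [d.get("ref") for d in stmt.iter("DATA")],
    }

# APPEL-style preference rules (constructed). behavior "request" accepts, "block" rejects;
# prompt=True means the data subject is informed rather than the PDL deciding silently.
# A set-valued condition matches when it shares a value with the proposal (assumed "or" semantics).
RULES = [
    {"behavior": "block", "prompt": True,
     "data": {"#user.name.nickname"}, "retention": {"indefinitely"}},
    {"behavior": "request", "prompt": False, "certified": True,
     "purposes": {"pseudo-analysis"}, "security": {"MANDATORY"}},
]

def matches(rule, p):
    """Every condition present in the rule must hold for the proposal summary p."""
    if rule.get("certified") and not p["certified"]:
        return False
    return all(rule[k] & set(p[k]) for k in ("data", "security", "purposes", "retention") if k in rule)

def process(proposal_xml, rules):
    """Return (status, inform_user). First matching rule decides: block -> reject,
    request -> accept, prompt -> inform the user; no match -> accept silently (assumed)."""
    p = summarize(proposal_xml)
    for rule in rules:
        if matches(rule, p):
            return ("reject" if rule["behavior"] == "block" else "accept"), rule["prompt"]
    return "accept", False
```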
User Notification
License Issuing
- A decomposable license format is used:
  - An auditing or gate-keeping mechanism may only need part of a license.
  - If a person wishes to update some part of an issued license, the person can update the necessary parts instead of reissuing the whole license.
(Figure: a license L consists of a header H and clauses C1 ... Cn; each clause Ci carries the fields Di, Vi, Pi, Si, Ti and its own signature SIGN_SKx(H, Ci), computed with the licenser's signing key SKx.)
An Example of a License
<?xml version="1.0" encoding="UTF-8"?>
<LICENSE>
  <!-- Header -->
  <LICENSE-HEADER>
    <LICENSER>
      <NAME>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</NAME>
      <CERT-ISSUER>CN=CSC, OU=CSC, O=CSC, L=Taipei, ST=Taipei, C=TW</CERT-ISSUER>
      <CERT-SERIAL>1042957664</CERT-SERIAL>
    </LICENSER>
    <ISSUE-DATE>Sun Mar 16 00:11:22 CST 2003</ISSUE-DATE>
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Enterprise</DATA></DATA-GROUP></ENTITY>
    <SECURITY-POLICY discuri="http://exampleshop/securitypolicy.html" risks="http://exampleshop/risks.html" controls="http://exampleshop/controls.html">
      <POLICY-TAG><MANDATORY /></POLICY-TAG>
    </SECURITY-POLICY>
    <DISPUTES-GROUP><DISPUTES service="Trust Certification Organization"></DISPUTES></DISPUTES-GROUP>
  </LICENSE-HEADER>
  <LICENSE-BODY>
    <!-- Clause 1 -->
    <CLAUSE ID="f3f2731bb9">
      <STATEMENT>
        <CONSEQUENCE>Gender</CONSEQUENCE>
        <PURPOSE><current /><admin /><develop /><customization /></PURPOSE>
        <RETENTION><indefinitely /></RETENTION>
        <DATA-GROUP><DATA ref="#user.gender">Male</DATA></DATA-GROUP>
      </STATEMENT>
      <SIGNATURE algorithm="DSA">MCwCFBZYtH/xneRtEgVVjdCBCypfeWCVAhRWH8jm1xvETkYSfrrHNPpma2t9Uw==</SIGNATURE>
    </CLAUSE>
    <!-- Clause 2 -->
    <CLAUSE ID="f3f2731bd8">
      <STATEMENT>
        <CONSEQUENCE>Jobtitle</CONSEQUENCE>
        <PURPOSE><develop /><customization /><tailoring /></PURPOSE>
        <RETENTION><indefinitely /></RETENTION>
        <DATA-GROUP><DATA ref="#user.jobtitle">Test</DATA></DATA-GROUP>
      </STATEMENT>
      <SIGNATURE algorithm="DSA">MC0CFCoA678dpmVlEaNnBwPfBmoDPmKYAhUAgrEg3BoVKiZVsWcx1Fo1dSOUUmU=</SIGNATURE>
    </CLAUSE>
  </LICENSE-BODY>
</LICENSE>
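An added example (not the authors' code) of the decomposable license format from the diagram and the license above: each clause is signed together with the header, so an auditor or gatekeeper can verify one clause on its own and the licenser can replace one clause without reissuing the rest. HMAC-SHA256 stands in for the deck's DSA signature so the example runs with the standard library; the whitespace canonicalisation, the key and the fragment contents are constructed assumptions.

```python
import hmac, hashlib

def canon(fragment):
    """Strip inter-line whitespace so re-indented XML signs the same bytes (assumed; the deck gives no canonicalisation rule)."""
    return "".join(line.strip() for line in fragment.splitlines()).encode()

def sign_clause(sk, header, clause):
    """SIGN_SKx(H, Ci) from the diagram: each clause is signed together with the header, so a clause
    can be checked on its own yet cannot be moved under another header. HMAC-SHA256 stands in for DSA."""
    return hmac.new(sk, canon(header) + b"\x00" + canon(clause), hashlib.sha256).hexdigest()

def issue_license(sk, header, clauses):
    """L = header H plus independently signed clauses C1..Cn."""
    return {"header": header, "clauses": [{"xml": c, "sig": sign_clause(sk, header, c)} for c in clauses]}

def verify_clause(sk, header, clause):
    """A gatekeeper or auditor only needs the header and the one clause covering the data in use."""
    return hmac.compare_digest(sign_clause(sk, header, clause["xml"]), clause["sig"])

def update_clause(sk, lic, index, new_xml):
    """Re-sign only the changed clause; the other clauses keep their existing signatures."""
    lic["clauses"][index] = {"xml": new_xml, "sig": sign_clause(sk, lic["header"], new_xml)}

# Constructed fragments modelled on the deck's example license (the key is a demo value).
SK = b"demo-licenser-key"
HEADER = """<LICENSE-HEADER><LICENSER><NAME>CN=CSC, O=CSC, C=TW</NAME></LICENSER>
<ISSUE-DATE>Sun Mar 16 00:11:22 CST 2003</ISSUE-DATE></LICENSE-HEADER>"""
CLAUSE_GENDER = """<CLAUSE ID="f3f2731bb9"><STATEMENT><PURPOSE><current /><admin /></PURPOSE>
<RETENTION><indefinitely /></RETENTION><DATA-GROUP><DATA ref="#user.gender">Male</DATA></DATA-GROUP></STATEMENT></CLAUSE>"""
CLAUSE_JOB = """<CLAUSE ID="f3f2731bd8"><STATEMENT><PURPOSE><develop /></PURPOSE>
<RETENTION><indefinitely /></RETENTION><DATA-GROUP><DATA ref="#user.jobtitle">Test</DATA></DATA-GROUP></STATEMENT></CLAUSE>"""
CLAUSE_JOB_V2 = CLAUSE_JOB.replace("<indefinitely />", "<stated-purpose />")  # tighter retention for the job-title clause

def demo():
    """Issue a two-clause license, update clause 2 only, and show which checks pass and fail."""
    lic = issue_license(SK, HEADER, [CLAUSE_GENDER, CLAUSE_JOB])
    gender_sig_before = lic["clauses"][0]["sig"]
    update_clause(SK, lic, 1, CLAUSE_JOB_V2)
    return {
        "all_valid": all(verify_clause(SK, HEADER, c) for c in lic["clauses"]),
        "gender_untouched": lic["clauses"][0]["sig"] == gender_sig_before,   # clause 1 was not reissued
        "moved_header_rejected": not verify_clause(SK, HEADER.replace("C=TW", "C=XX"), lic["clauses"][0]),
        "tampered_rejected": not verify_clause(SK, HEADER, {"xml": CLAUSE_GENDER.replace("Male", "Female"),
                                                            "sig": gender_sig_before}),
    }
```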
Conclusions
- OPDL requires service providers to obtain licenses before collecting, processing and using their users' data.
- Compared to P3P, OPDL not only lets individuals know the privacy practices of a Web site but also enforces those practices.
- OPDL brings control over personal data back to the owner of the data.
- OPDL licenses can provide the same power of evidence as written consent.
Suggested Future Work
- Legislation requirement
- Extending the concept to other settings (because the Internet is not the only source from which an enterprise can collect personal data)
- Interface design
- A more complex negotiation model (e.g., to enable a person to "sell" his/her personal data)
Appendix: The Role of OPDL in Misuse Regulation
(Figure: misuse of personal data at the centre, surrounded by the regulating forces OPDL, legal measures, normative remedies and the market.)