|
IDIS 10 Draft Programme - Victoria Hotel Rome Wednesday 26th May 2010 |
||
|
13:30-14:00 |
Opening Address and Welcome |
James Backhouse Department of Management, LSE |
|
14:00-15:00 |
Keynote Speech
|
SmartData: Make the Data “Think” for Itself – Data Protection in the 21st Century. Prof George Tomko, University of Toronto |
|
15:00-15:30 |
Coffee Break |
|
|
15:30-17:00 Chair: Ruth Halperin |
Paper 1 |
Privacy Enhancing Technologies. A Review. Yun Shen and Siani Pearson. HP Labs Bristol, UK Discussant: Mark McLaughlin, Waterford Institute of Technology, Ireland |
|
Paper 2 |
The use of biometric technology in Iraq. Sarah Lovell. US National Academy of Sciences, USA Discussant: Charles Raab, University of Edinburgh, UK |
|
|
Paper 3 |
Incorporating Biometrics into Veiled Certificates: Preventing Unauthorized Use of Anonymous Certificates. John Gerdes and Chin-Tser Huang, University of South Carolina, USA Discussant: Adrian Rahaman, UCL, UK |
|
|
Thursday 27th May 2010 |
||
|
10:00-11:00
|
Keynote Speech |
Embed Privacy by Design into Identity Management: Make It The Default. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada |
|
11:00-11:30 |
Coffee Break |
|
|
11:30-12:30 Chair: Ken Anderson
|
Paper 4 |
Public sector engagement with online identity management. David Barnard-Wills and Debi Ashenden, Cranfield University, UK Discussant: Edward Higgs, University of Essex, UK |
|
Paper 5 |
Digital Identity in the absence of authorities: a new socio-technical approach. Mark McLaughlin, Gerard Briscoe, Paul Malone, Waterford Institute of Technology, Ireland Discussant: John Gerdes, University of South Carolina, USA |
|
|
12:30-14:00 |
Lunch Break |
|
|
14:00-15:00
|
Keynote Speech |
The Construction of Personal Identities Online: A Philosophical Interpretation. Luciano Floridi, University of Hertfordshire & University of Oxford, UK |
|
15:00-15:30 |
Coffee Break |
|
|
15:30-16.30 Chair: Luciano Floridi
|
Panel Discussion |
A panel to discuss the theme of Luciano Floridi’s keynote talk: Giorgio Bertolotti, University of Milano Bicocca, Italy; Ezio Di Nucci, Universitat Duisburg-Essen, Germany; Dave Ward, University of Hertfordshire, UK |
|
Friday 28th May 2010 |
||
|
10:00-11:00 |
Keynote Speech |
There's no information self-determination without information self-awareness. Caspar Bowden, Chief Privacy Adviser for Microsoft in Europe, Middle-East and Africa |
|
11:00-11:30 |
Coffee Break |
|
|
11:30-13:00 Chair: Charles Raab
|
Paper 6 |
Positive identities: anonymity and privacy of HIV patients within organizations in Italy. Chiara Fonio, Universita Cattolica, Milano, Italy Discussant: Angela Sasse, UCL, UK |
|
Paper 7 |
Privacy and the maintenance of personal identity in information society: a preliminary investigation. Nadja Kanellopoulou, EnCoRe project, University of Oxford, UK Discussant: Mireille Hildebrandt, VUB, Belgium |
|
|
Paper 8 |
Human-Centred Identity – From Rhetoric to Reality. Adrian Rahaman & Angela Sasse, University College London, UK Discussant: David Barnard-Wills, Cranfield University, UK |
|
|
13:00 |
Close of Workshop |
|
About the keynote speakers
Dr. George Tomko, Expert-in-Residence in IPSI at the University of Toronto: http://www.ipsi.utoronto.ca/about/Expert_in_Residence.htm
SmartData: Make the Data “Think” for Itself – Data Protection in the 21st
Abstract: SmartData is a research program to develop web-based intelligent agents that will perform two tasks: securely store an individual’s personal and/or proprietary data, and protect the privacy and security of the data by only disclosing it in accordance with instructions authorized by the data subject. The vision consists of a web-based SmartData agent that would serve as an individual’s proxy in cyberspace to protect their personal or proprietary data. The SmartData agent (which ‘houses’ the data and its permitted uses) would be transmitted to, or stored in a database, not the personal data itself. In effect, there would be no personal or proprietary “raw” data out in the open – it would instead be housed within a SmartData agent, much like we humans carry information in our “heads;” extending the analogy, it would be the “human-like clone” that would be transmitted or stored, not the raw data. The binary string representative of a SmartData agent would be located in local or central databases. Organizations requiring access to any of the data resident within the agent would query it once it had been “activated.” In this paper, we provide a preliminary overview of the SmartData concept, and describe the associated research and development that must be conducted in order to actualize this vision.
Bio: Dr. George Tomko was appointed an Expert-in-Residence at IPSI (the Privacy, Security and Identity Institute) at the University of Toronto in 2008. Known for his expertise in the area of privacy-enhancing technologies, Dr. Tomko is best known for having invented the privacy-enhancing technology called “Biometric Encryption,” as well as “Anonymous Database,” both of which were the subject of numerous patents in the 1990’s. Later he invented “SmartData,” and is presently working on developing Intelligent Agents within a virtual environment. Dr. Tomko holds 12 U.S. patents in the area of optical computing and biometric encryption. He has written extensively and speaks internationally on the direction of technology and the impact of privacy and security on the design of information systems. Dr. Tomko co-founded Mytec Technologies Inc. in 1987 (now known as Bioscrypt Inc.), to develop and market privacy-enhancing biometric technology. He served as President and CEO of Mytec, and during that time, took Mytec public on the Toronto Stock Exchange. Dr. Tomko was also the co-founder of Counterforce Inc., a security monitoring company that currently has over 200,000 customers across the United States and Canada. Prior to that, he held a number of executive positions including: Vice-president & General Manager of Chubb Security in Canada; Vice President of Marketing at Sentrol Systems, a process control company; and Director of Neurotoxicology at Bio-Research Laboratories, a toxicology testing laboratory for pharmaceuticals and chemicals. Dr. Tomko also served for three years as the Chairman of Photonics Research Ontario, one of four Ontario Centres of Excellence, comprising of researchers from across Ontario universities and research institutes, with the mandate to develop optical and photon-based technologies. He also served in the Canadian Armed Forces (the Royal Canadian Navy), for a period of ten years, onboard submarines and destroyers, attaining the rank of Captain. While in the Navy, he also worked as part of a team designing anti-missile electronic warfare systems. Dr. Tomko holds a Ph.D. in Neuroscience, obtained from the University of Toronto. He graduated with a B.A.Sc. in Engineering Physics, and an M.A.Sc. in Electrical Engineering. After his Ph.D., he went on to complete an Executive MBA. Before entering business, he started his career as a lecturer and researcher at the University of Toronto, where his research focused on the operation of neuronal networks in the visual cortex of mammals, focussing on how they become dysfunctional in a model of dementia.
Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada: http://www.ipc.on.ca/english/About-Us/About-the-Commissioner
Embed Privacy by Design into Identity Management: Make It The Default
Abstract: As we enter into an age where we are immersed in a rich information environment, automatically sharing information about ourselves with others, viable privacy protections must be architected directly into technology – including identity management systems. Dr. Cavoukian calls this Privacy by Design and has been working with technologists, legal experts, and international organizations to ensure that we retain the ability to control our digital identities. When she first coined the term Privacy by Design in the 1990s, it was in an effort to enlist the support of technology to protect privacy, rather than encroach upon it. Privacy is far more likely to be protected if it is built directly into the architecture of the technology, instead of being viewed as an afterthought. Organizations currently have the ability to employ what the Commissioner calls “Privacy-Enhancing Technologies - Plus” (PETs Plus) which when combined with a positive-sum paradigm, turn into “Transformative Technologies” – giving any privacy-invasive technology the ability to actually protect privacy while performing whatever function it was intended to deliver. Dr. Cavoukian will elaborate on how her concept of Privacy by Design can help transform privacy challenges into privacy solutions.
Bio: Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. Noted for her seminal work on Privacy Enhancing Technologies (PETs) in 1995, her concept of Privacy by Design seeks to embed privacy into the design specifications of technology, thereby achieving the strongest protection. An avowed believer in the role that technology can play in protecting privacy, Dr. Cavoukian’s leadership has seen her office develop a number of tools and procedures to ensure that privacy is strongly protected, not only in Canada, but around the world. She has been involved in a number of international committees focused on privacy, security, technology and business, and endeavours to focus on strengthening trust and confidence in emerging technological applications. Dr. Cavoukian also serves as the Chair of the Identity, Privacy and Security Institute at the University of Toronto, Canada and is a member of the Future of Privacy Advisory Board. Reappointed as Commissioner for an unprecedented third term, Dr. Cavoukian intends to grow Privacy by Design and hopes to make it go “viral.”
Professor Luciano Floridi, UNESCO Chair in Information Ethics, University of Hertfordshire, and Fellow of St Cross College, Oxford: http://www.philosophyofinformation.net/
The Construction of Personal Identities Online: A Philosophical Interpretation
Abstract: In this paper, I shall present my current work in progress about an informational approach to the nature of personal identity. I will discuss the following questions. Persistence: what is the nature of a person’s unity of conscious experience as an individual? Communication: what is the nature of the conscious interactions within a person’s mental life? In other words, revisiting Plato’s classic analogy of the chariot (Phaedrus 246a - 254e), I shall discuss not the nature of the two horses, of the charioteer, or of their interactions, but the ontology of the chariot itself and of the tack, which allow the system to be, persist and act as a single and continuous entity. The general view supported is that persons are not the totality of fragments of a life, or of slices in some n-dimensional space. They are pliable, informational entities that are immobile through time, like islands in a river. Personal identity might be eroded, reshaped or even cancelled, but then the person becomes someone else (“he is no longer himself”). Philosophers introduce a more dynamic analysis of personal identity through a Kodak analogy: slices or snapshots of individuals or of their lives. But such abstraction – the idea that personal identity is about gluing together state transitions of a system – is undermined by the very first step: there are no slices, it is the same, single island that emerges, changes, and disappears. The chain-saw movement, which cuts personal identities into paper-thin stories and then piles them up in a book, is in fact a conceptual massacre. The problem is not how we re-identify identicals through time, but how identicals persist immobile through the flow of time without breaking apart. Living (experience, growth, education, personal choices and so forth) is the strain or force that modifies the individual, which, as a point of resistance, changes through informational plasticity. Life changes the nature of a continuous individual from an initial state a to a final state w. This is what we mean when we say “see what life has done to her”.
Bio: Luciano Floridi (Laurea, Rome University “La Sapienza”, M.Phil. and Ph.D. Warwick, M.A. Oxford, www.philosophyofinformation.net) is Professor of Philosophy at the University of Hertfordshire – where he holds the Research Chair in Philosophy of Information and the UNESCO Chair in Information and Computer Ethics – and Fellow of St Cross College, University of Oxford, where he coordinates the philosophy of information research group, IEG. He is President of the International Association for Computing and Philosophy. In 2009, he was elected Gauss Professor by the Academy of Sciences in Göttingen, awarded the Barwise Prize by the American Philosophical Association, and elected Fellow of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour. His most recent books are: the Handbook of Information and Computer Ethics (CUP, 2010), The Philosophy of Information (OUP, 2010) and Information – A Very Short Introduction (OUP, 2011).
Caspar Bowden, Chief Privacy Adviser for Microsoft in Europe, Middle-East and Africa
There's no information
self-determination without information self-awareness
Abstract:
The EU Data Protection Directive 95/46 incorporates the strongest
and least restricted right of any privacy regulatory regime for a
person to access their personal data from controller organisations,
and is an indispensable component of the right to "information
self-determination". However the right remains relatively unknown
and is rarely exercised. How might the implementation of this right
be improved, and what policy, technical and economic factors need to
be considered? In particular, the requirement for strong mutual
authentication between data controller and subject might be
fulfilled with the arrival of user-centric Identity Management
systems and architectures. However not all systems claimed to be
"user-centric" provide suitable characteristics to prevent novel
privacy attacks.
Bio: Caspar Bowden is Chief Privacy Adviser for Microsoft in
Europe, Middle-East and Africa. His goal is to ensure that users of
Microsoft products and services are in control of their personal
data and that fair information practices are respected. He is a
specialist in data protection policy, privacy enhancing technology
research, identity management and authentication. He was formerly
director of the Foundation for Information Policy Research, an
independent think-tank that studies the interaction between
computers and society, and promotes public understanding and
dialogue between UK and European civil society and policy-makers in
the fields of e-commerce, copyright, law enforcement and national
security, e-government, cryptography and digital signatures. He was
appointed expert adviser to the UK parliament for the passage of
three bills concerning privacy issues, and was co-organizer of the
influential Scrambling for Safety public conferences on UK
encryption and surveillance policy. His previous career over two
decades ranged from investment banking (proprietary trading
risk-management for option arbitrage), to software engineering
(graphics engines and cryptography), including work for Goldman
Sachs, Microsoft Consulting Services, Acorn, Research Machines, and
IBM.
About the panel discussion: Personal Identity Online: A
Philosophical Interpretation
As time
and technology progress, how we interact with the world and each
other becomes increasingly complex and articulated. The quantity and
diversity of information in our environment, and the ease with which
we can access that information and integrate it into our daily
lives, have increased exponentially over the past decade. Indeed,
for many of us, the environment with which we interact now includes
a range of virtual environments, which make possible entirely new
ways of interacting with information and with others.
Psychologists, sociologists and anthropologists have for some time
been interested in the ways in which such changes in our
informational environment might affect us and our self-conceptions
(see e.g. Turkle (1995), Meadows (2008)). But these topics have,
thus far, been relatively neglected by philosophers. This should not
be so. The relevance of new technologies to our lives has attracted
academic attention in large part because it appears to raise
questions about how new kinds of interactions with others and our
environment might alter, shape or otherwise affect our
self-conceptions, our thoughts and other aspects of our cognitive
and emotional lives. And the project of ascertaining which
properties of ourselves and our conduct make essential contributions
to aspects of our minds and personhood is one in which philosophers
are traditionally engaged.
This neglect looks stranger still when considered alongside the
emphasis put by recent philosophy of mind on the essential
contributions that the environments (in which we are embedded) and
our modes of interaction (with those environments) can make to our
mental lives (e.g. Clark (1997, 2008), Noë (2004)). If we
acknowledge our informational environment and our capacities for
interaction with it can constitutively shape our mentality, we
should consider whether radical changes in that environment and its
interactive affordances may have similarly radical implications for
our mental lives, and perhaps for the sorts of persons we are.
So, what implications do new informational environments and
affordances have for philosophical views of personal identity? And
what light, if any, can existing philosophical work on personal
identity shine on the conceptual issues that arise when talking and
thinking about agents, environments and interactions that span or
blur the real/virtual and online/offline divides? Our panel session
will address these issues. It will comprise four researchers from
different philosophical backgrounds (Prof. Luciano Floridi (Oxford,
Hertfordshire), Dr. Ezio Di Nucci (Essen), Prof. Giorgio Bertolotti
(Milan) and Dr. Dave Ward (Hertfordshire)) whose work intersects on
the potential relevance of online environments for philosophical
work on personal identity. Each panelist will give a short (c.10
minute) presentation of their current work on these topics, followed
by a round-table discussion and question and answer session.
Workshop paper abstracts
|
Paper 1 |
Privacy Enhancing Technologies. A Review. Yun Shen and Siani Pearson. HP Labs Bristol, UK |
Organisations handle employees', customers' and third parties' Personally Identifiable Information (PII) in a number of ways and for a variety of reasons; when doing this, it is important that privacy is taken into account. Privacy Enhancing Technologies (PETs) provide a mechanism that helps with this, and can be used in conjunction with higher level policy definition, human processes, training, etc. In this paper we conduct a brief survey of Privacy Enhancing Technologies (PETs) in recent years and show how these may help address different types of privacy harm to employees, customers and, more generally, to the data subjects.
|
Paper 2 |
The use of biometric technology in Iraq. Sarah Lovell. US National Academy of Sciences, USA |
Biometrics technology is being used in U.S. operations in Iraq in unprecedented ways. The U.S. Department of Defense (DOD) now biometrically vets all applicants for employment on military bases in Iraq, and provides identification matches to persons of interest. The DOD’s Tactical Biometric System (TBS) is being used a proof-of-concept to demonstrate the feasibility of deploying biometric capabilities through static stations, networks, hand-held devices, and satellite transmission systems, and the DOD fingerprint database has more than doubled in size due to the widespread biometric data collection in Iraq. TBS has been in place in Iraq for over five years now and there is a great need to research the impact of its use. For one, there is little to no means for refusal of this data collection from Iraqi citizens and there is no formal means for correcting misinformation. Based on personal experience and research during a year working with the TBS in Iraq, I will present cases where ethics and technical concerns are present. This publication will also lay out scenarios of what might happen to the database information upon transitioning from US to Iraqi government control, highlighting concerns about privacy, freedom and justice. Given that the use of biometric technology is gaining in reputation and results, a critical understanding is needed of how the TBS should be used and who should have access to it. I hope to show how the TBS might influence the trajectory of surveillance technologies in the US and other countries.
|
Paper 3 |
Incorporating Biometrics into Veiled Certificates: Preventing Unauthorized Use of Anonymous Certificates. John Gerdes and Chin-Tser Huang, University of South Carolina, USA |
Traditional digital certificates have an embedded public key which allows an individual to authenticate her ownership of, or more correctly her access to the associated private key. There is a basic assumption that the individual never shares her private key. Under this assumption digital certificates prevent identity theft. However, they do not address the case where the owner of the digital certificate accidently or knowingly exposes her private key to others. Adding biometrics ties a certificate to a specific individual, and thereby prevents an attacker from using the certificate even if he has access to the associated private key. Veiled certificates (VCs) extend traditional certificates to support anonymous credentialing. They explicitly eliminate the ability of independent systems from using an individual’s credential to link records across their information systems. Adding a traditional biometric signature would erase this feature since a common biometric signature can now be used to link an individual’s records. In this paper we propose a new method by which biometric authentication can be incorporated into veiled certificates without impacting the anonymity provided by them. This non-linkability extends to multiple certificates issued to the same individual, each containing the biometric authentication.
|
Paper 4 |
Public sector engagement with online identity management. David Barnard-Wills and Debi Ashenden, Cranfield University, UK |
This paper examines UK public sector engagement efforts in the field of online identity management using Governmentality theory. It finds a high degree of consistency across engagement campaigns, promoting of individual responsibility. Examining the impact of these efforts, the paper finds that they fail to promote engagement, increasing concern but not confidence. The paper concludes with an outline of a narrative research strategy that is hoped will provide a broader understanding of engagement in online identity management.
|
Paper 5 |
Digital Identity in the absence of authorities: a new socio-technical approach. Mark McLaughlin, Gerard Briscoe, Paul Malone, Waterford Institute of Technology, Ireland |
On the Internet large service providers tend to control the digital identities of users. These defacto identity authorities wield significant power over users, com- pelling them to comply with non-negotiable terms, before access to services is granted. In doing so, users expose themselves to privacy risks, manipulation and exploitation via direct marketing. Against this backdrop, the emerging areas of Digital Ecosysems and user-centric identity emphasise decentralised environments with independent self-determining entities that control their own data and identity. We show that recent advances in user-centric identity, federated identity and trust have prepared the ground for decentralised identity provisioning. We show how social trust, rather than blind deference to authorities, can provide a basis for identity, where risks can be weighed and compared rather than merely accepted. Finally, we highlight the potential impacts of distributed identity provisioning in the Information Society and give a brief roadmap for its general implementation and adoption.
|
Paper 6 |
Positive identities: anonymity and privacy of HIV patients within organizations in Italy. Chiara Fonio, Universita Cattolica, Milano, Italy |
In the Italian legal context, there are several provisions regarding health data that require the anonymity of data. The protection of identity of HIV patients is provided both by the article 5. of the Italian Personal Data Protection Code and by the law 135/1990. The latter represents also the main frame of the fight against AIDS in Italy. The paper explores either the issue of HIV/AIDS surveillance system in Italy or the national legal and policy frameworks that guarantee informed consent as far as HIV testing and protect the rights and dignity of the persons living with and affected by HIV/AIDS . Additionally, efforts are made to shed light on potential discrepancies between the implementation of the law and the reception of it by organizations (i.e. hospitals, schools) and society (i.e. social stigma and the role played by mainstream media). Empirical evidence gathered through interviews to doctors, NGOs volunteers and patients, is mainly focused on the current situation in Milan that along with Rome not only has the highest annual AIDS incidence rate in Italy (World Health Organization) but it is also particularly vital in terms of non-governmental social support, prevention and specific counseling.
|
Paper 7 |
Privacy and the maintenance of personal identity in information society: a preliminary investigation. Nadja Kanellopoulou, EnCoRe project, University of Oxford, UK |
This paper undertakes a conceptual investigation in the relationship between the protection of individual privacy and personal identity. The methodology used is a joint legal and philosophical analysis of the connection between privacy and personal identity, and its significance in increasingly interactive informational environments. This work understands privacy as an essential tool for the maintenance of personal identity in contemporary civil society. It considers privacy as a constitutive element in the shaping of personal identity, in both individual and relational terms, and it views privacy as an essential property of how individuals come to shape their self-understanding, own perception and development. The proposed novel account of privacy as maintenance of personal identity aims to accommodate a flexible notion of self-perception, self-(re)presentation and social interaction in modern information society.
|
Paper 8 |
Human-Centred Identity – From Rhetoric to Reality. Adrian Rahaman & Angela Sasse, University College London, UK |
This paper presents a proposal for human-centred identity management. Even though the term ‘human-centred identity’ has been widely used in the past few years, the solutions either descritbe a technical system for managing identity, or describe an identity management solution that meets a particular administrative need. Our proposal, however, presents a set of propertis that have to be considered, and the choices have to be made for each property must satisfy the needs of both the individual and the organization that owns the identity management system. The properties were identified as a result of reviewing a range of national identity systems, and the problems that arise from them.