cis 2015 the ethics of personal data - robin wilton
TRANSCRIPT
The Ethics of Personal Data Robin Wilton
Technical Outreach Director Identity and Privacy
[email protected] @futureidentity
The Internet Society’s mission
To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.
The Internet is for Everyone
2
NORTH AMERICA
LATIN AMERICA/CARIBBEAN
EUROPE
AFRICA THE MIDDLE EAST
ASIA
The Internet Society’s Global Presence
109 Chapters Worldwide
72k Members and Supporters
146 Organization Members
5 Regional Bureaus
18 Countries with ISOC Offices 3
“Ethics? I thought this was a techie conference…”
5
What do I mean by ethics, anyway?
Three main models:
• Consequences (a.k.a. consequentialist or utilitarian)
• Rules (a.k.a. deontological. Yeah, I know…)
• Fairness (a.k.a. Justice… but without the leotards)
Shortcomings of two of the models
6
• Consequences • Asymmetry of power; • Harm/risk often diluted and hard to quantify • “Best for whom?” – “balance” vs “optimisation”
• Rules • Poor for cross-border/cross-culture cases • Poor if enforcement is lacking • Enforcement is lacking
• Which leaves Fairness…
OK, so what do I mean by Fairness?
7
• Legitimacy • (Not the same as legality) • “No surprises” should be a good principle
• Transparency • “No surprises” should not mean “because we didn’t tell you” • Openness to scrutiny by third parties (e.g. ToSBack/2)
• Accountability • A focus on “should we do this?”, rather than “can we do
this?” • Effective redress in case of failure
Ethical data handling (through the handy lens of IoT)
• IoT and consent • IoT and autonomy • IoT and agency*
* … whatever it is that puts a user’s intentions and preferences into practice
Ethical data handling (through the handy lens of IoT)
• Consent • Wearables, implants, pre-diagnosis
• Autonomy
• Driverless vehicles • Algorithms
• Agency
• User agents: scalability and control? • Insertion into current business models
The future is already here…
• IoT gives rise to models and approaches that undermine human agency
• Non-human agents and autonomous systems are not ethically neutral
• Devices make it increasingly hard to maintain “persona separation”
The distributed, mediated model opens up new options
• Identity Relationships can be Managed (and not only by the two parties concerned)
• User agents are a potential answer to scalability
• User agents may help with “consent fatigue”
• User agents could take many forms…
Internet Society activities in this area
• Ethical data handling (policy and technical)
• User privacy choices (research project)
• Vectors of Trust initiative
• TosBack/2
• Support for Kantara work on • UMA • IRM • Consent Receipts
• Support for work on attribute lifecycles
But…
• Current (risk/compliance) approaches lead to a check-box mentality
• Practical guidance on ethical data handling is lacking
• IoT-scale data increases the incentive for monetization
Conclusions
• We should be exploiting Internet architectures for greater user empowerment
• We should be putting device intelligence to use on our behalf
• There are viable niches in the data ecosystem for privacy-enhancing, ethical agents
• We need to draft practical guidelines for ethical data-handling
Thank You
15
Robin Wilton Technical Outreach Director Identity and Privacy
[email protected] @futureidentity