The Ethics of Personal Data Robin Wilton

Technical Outreach Director Identity and Privacy

wilton@isoc.org @futureidentity

The Internet Society’s mission

To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.

The Internet is for Everyone

2

NORTH AMERICA

LATIN AMERICA/CARIBBEAN

EUROPE

AFRICA THE MIDDLE EAST

ASIA

The Internet Society’s Global Presence

109 Chapters Worldwide

72k Members and Supporters

146 Organization Members

5 Regional Bureaus

18 Countries with ISOC Offices 3

Technical context and practicalities

4

“Ethics? I thought this was a techie conference…”

5

What do I mean by ethics, anyway?

Three main models:

•  Consequences (a.k.a. consequentialist or utilitarian)

•  Rules (a.k.a. deontological. Yeah, I know…)

•  Fairness (a.k.a. Justice… but without the leotards)

Shortcomings of two of the models

6

•  Consequences •  Asymmetry of power; •  Harm/risk often diluted and hard to quantify •  “Best for whom?” – “balance” vs “optimisation”

•  Rules •  Poor for cross-border/cross-culture cases •  Poor if enforcement is lacking •  Enforcement is lacking

•  Which leaves Fairness…

OK, so what do I mean by Fairness?

7

•  Legitimacy •  (Not the same as legality) •  “No surprises” should be a good principle

•  Transparency •  “No surprises” should not mean “because we didn’t tell you” •  Openness to scrutiny by third parties (e.g. ToSBack/2)

•  Accountability •  A focus on “should we do this?”, rather than “can we do

this?” •  Effective redress in case of failure

Ethical data handling (through the handy lens of IoT)

•  IoT and consent •  IoT and autonomy •  IoT and agency*

* … whatever it is that puts a user’s intentions and preferences into practice

Ethical data handling (through the handy lens of IoT)

•  Consent •  Wearables, implants, pre-diagnosis

•  Autonomy

•  Driverless vehicles •  Algorithms

•  Agency

•  User agents: scalability and control? •  Insertion into current business models

The future is already here…

•  IoT gives rise to models and approaches that undermine human agency

•  Non-human agents and autonomous systems are not ethically neutral

•  Devices make it increasingly hard to maintain “persona separation”

The distributed, mediated model opens up new options

•  Identity Relationships can be Managed (and not only by the two parties concerned)

•  User agents are a potential answer to scalability

•  User agents may help with “consent fatigue”

•  User agents could take many forms…

Internet Society activities in this area

•  Ethical data handling (policy and technical)

•  User privacy choices (research project)

•  Vectors of Trust initiative

•  TosBack/2

•  Support for Kantara work on •  UMA •  IRM •  Consent Receipts

•  Support for work on attribute lifecycles

But…

•  Current (risk/compliance) approaches lead to a check-box mentality

•  Practical guidance on ethical data handling is lacking

•  IoT-scale data increases the incentive for monetization

Conclusions

•  We should be exploiting Internet architectures for greater user empowerment

•  We should be putting device intelligence to use on our behalf

•  There are viable niches in the data ecosystem for privacy-enhancing, ethical agents

•  We need to draft practical guidelines for ethical data-handling

Thank You

15

Robin Wilton Technical Outreach Director Identity and Privacy

wilton@isoc.org @futureidentity