Digital Responsibility: Towards a New World Order ?
DESCRIPTION
Our digital society has undergone profound transformations in the way we work, learn, live and participate. Having transformed our world into a great co-creation Wiki challenges many assumptions and models that need to be revisited. Based on several examples in the area of security drawn from the industry and our research, we argue there is an emerging notion of Digital Responsibility paving the way to further significant societal changes. A new world order or incremental changes ? One thing is sure, ICT has and will continue to challenge our historical assumptions requiring major mindset changes and more transparency.
TRANSCRIPT
Digital Responsibility: Towards a New World Order ?
Seoul, November 9, 2011
National Information Society Agency Seoul, South Korea
Prof. Jean-Henry Morin University of Geneva – HEC Institute of Services Science
http://jean-henry.com/
J.-H. Morin
Outline
• Intro & Context
• Example #1 : Trust in the Digital Age • 1 Paradox • 3 situations
• Enterprise & Corporate Sector • Entertainment & Media • Cloud Computing
• 1 Discussion
• Example #2 : Personal Information in the Digital Age
• Discussion and Open Issues
Context
Smart Society (NIA 2011)
● Beyond Web 2.0
● Core Values for a Sustainable Future: ● Openness ● Sharing ● Cooperation
Are we ready for this ? Ludwig Gatzke
Example #1 Trust in the Digital Age
A Paradox
We talk about Trust and Trusted Computing in
the digital age…
…but everything relies on a distrust assumption
http://zatoichi.homeip.net/~brain/TrustedComputing.jpg
Situation #1
Enterprise & Corporate Sector
Who has NEVER « worked around » security policies to legitimately complete work that systems prevented from doing ?
53 % !!!
Enterprise & Corporate Sector: Corporate Security Policies
• 53% admit circumventing corporate security policies to get the work done (EMC RSA Security, 2008)
• Among the most cited reasons justifying circumventing corporate security policies (Cisco, 2008)
a) Doesn’t correspond to the operational reality nor to what is required to get the work done
b) Need to access applications not belonging to or authorized by corporate IT policies to work
• Consequences: increase in risks and costs • Requires « creativity » to get the job done ! • Increased stress due to unauthorized actions • Inefficiencies • Untraceable transgressions / violations
Situation #2
Entertainment & Media
New Media Warrants New Thinking
© Chappatte in "Le Temps" (Geneva), Jan 21, 2006
How did we get here… … a dystopian scenario ?
http://www.flickr.com/search/?q=DRM
Some Popular Misconceptions
• Information Wants to be “free”
• DRM is Evil : “Digital Restriction Management” (FSF, EFF, etc.)
• Users are Criminals : 12 year old girl sued by RIAA
• P2P is “bad” : File Sharing & Downloading is a Crime
Etc.
TED Talks, March 2007
Larry Lessig: How creativity is being strangled by the law
http://www.ted.com/index.php/talks/view/id/187
Remix & ©
Fair Use ? Universal Music VS dancing toddler
RIAA Scum Bird
http://bit.ly/akxivr
Extremism
• Larry Lessig Speech at Italian Parliament: Internet is Freedom
http://blip.tv/file/3332375/
Etc.
VS 2 M iPads sold in 60 days !!!
The Legal haystack! Three Strikes Graduated Response
French HADOPI Three-Strikes Graduated Response invites itself to the land of Shakespeare
Doomed initiatives !
• Fundamental Rights: • Internet access has been recognized as a fundamental right, EU Parliament massively rejects three strikes graduated responses (481 votes against 25, in 2010)
• Technically inapplicable: • Deep Packet Inspection and false positives
http://dmca.cs.washington.edu/
• Legally inapplicable: • Territorial nature of such laws VS global media
• ACTA
Entertainment & Media
• Consequences : • Criminalizing ordinary people (no impact on organized crime)
• Loss of hard fought rights ! (Fair Use, private copy, etc.)
• Presumption of guilt ! (onus probandi ?)
• Internet access is increasingly recognized as a fundamental right (EU parliament)
• Exclusion, technical and legal inapplicability
• Etc.
Situation #3
Cloud Computing
Cloud Computing
• The World is Changing: PaaS, IaaS, SaaS
Etc.
Cloud Computing
• So are customers
Etc.
Discussion
What do these 3 situations teach us about Trust in the digital age ?
Discussion
• Situations 1 and 2 : • Enterprise and Corporate • Entertainment and Media
Rely on a fundamental assumption: « Distrust »
Time for a mindset change ?
Security is bypassed not attacked
Inspired by Adi Shamir, Turing Award lecture, 2002!
The Human Factor
IMG: J. Anderson
Discussion
• Situation 3 • Cloud : There’s Hope!
Is it an Emerging sign of « Trust » ?
Information Security
Organisations are changing
Weak internal relationships
Strong external relationships
Trend
People will dominate your future
Debi Ashenden, UK Defence Academy
David Lacey, Managing the human factor in information security, John Wiley & Sons, 2009
Discussion
• Is it enough ?
Most likely Not !
• We need to put Trust back to where it belongs : People ! • Not in « computational » terms • Reinstate people in their Roles, Rights and Obligations
Digital Responsibility
Can we fix “it” ? • Assuming :
• Security is needed (managed content) • Total Security is neither realistic nor desirable • Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes) • Most users aren’t criminals
• We need to take a step back to : • Critically re-think “it” • Reconsider the debate outside the either/or extremes of total vs. no security • Re-design “it” from ground up
Rethinking & Redesigning DRM
• Acknowledge the Central role of the User and User Experience • Reinstate Users in their roles & rights • Presumption of innocence & the burden of proof
• Fundamental guiding principle to Rethink and Redesign DRM : Felten’s “Copyright Balance” principle (Felten, 2005)
“Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”
• Claim and Proposition : • Put the trust back into the hands of the users • Reverse the distrust assumption • Requires a major paradigm shift
Rethinking & Redesigning DRM (cont.)
• Exception Management in DRM environments, mixing water with fire ? Not necessarily !
• Reversing the distrust assumption puts the user “in charge”, facing his responsibilities
• Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring
• Use Credentials as tokens for logging to detect and monitor abuses
• Credentials are Revocable in order to deal with abuse and misuse situations
• Mutually acknowledged need for managed content while allowing all actors a smooth usability experience
(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
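The exception-claim flow in the bullets above, as an added sketch that is not code from the talk, the cited papers or any product: a claim is granted without prior approval, always logged against the user's credential, and yields a short-lived licence; monitoring runs after the fact and revokes abusive credentials. The class and field names, the one-hour lifetime and the claim-count abuse rule are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

LICENSE_TTL = 3600      # assumed lifetime of a short-lived licence, in seconds
WINDOW = 86400          # assumed monitoring window, in seconds
ABUSE_THRESHOLD = 3     # assumed: more granted claims than this per window is abuse

@dataclass
class ExceptionManager:                      # hypothetical name
    revoked: set = field(default_factory=set)
    log: list = field(default_factory=list)  # (time, credential, content, reason, outcome)

    def claim(self, credential, content_id, reason, now):
        """Exception claim: trust the user first, but log every claim."""
        outcome = "denied" if credential in self.revoked else "granted"
        self.log.append((now, credential, content_id, reason, outcome))
        if outcome == "denied":
            return None
        return {"id": secrets.token_hex(8), "credential": credential,
                "content": content_id, "expires": now + LICENSE_TTL}

    def is_valid(self, lic, content_id, now):
        """A licence covers one item, expires, and dies with its credential."""
        return (lic is not None and lic["content"] == content_id
                and now < lic["expires"]
                and lic["credential"] not in self.revoked)

    def audit(self, now):
        """Monitoring step: revoke credentials that claimed too often."""
        counts = {}
        for ts, cred, _content, _reason, outcome in self.log:
            if outcome == "granted" and now - ts <= WINDOW:
                counts[cred] = counts.get(cred, 0) + 1
        flagged = {c for c, n in counts.items() if n > ABUSE_THRESHOLD}
        self.revoked |= flagged
        return flagged

if __name__ == "__main__":
    # Constructed sample run: one ordinary user, one credential claiming repeatedly.
    m = ExceptionManager()
    alice = m.claim("cred-alice", "doc-1", "quote for a review", now=0)
    for i in range(6):
        m.claim("cred-bob", f"doc-{i}", "unspecified", now=100 + i)
    print("alice licence valid:", m.is_valid(alice, "doc-1", now=10))
    print("revoked after audit:", m.audit(now=300))
```
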
Technology Transfer
Partnership with Fasoo.com • June 2011, Integration of the Exception Management model as « Provisional Licensing »
Example #2 Personal Information Management in Social Networks
Source : http://samatman.com/
“The Digital Human” Digital Crumbs
Personal Information Serious Games
• http://www.2025exmachina.net/
A “Serious” problem in Social Networks and Services
Socially-Responsible Management of Personal Information • Personal Information
• Different from Personally Identifying Information (PII) • Subject to legal frameworks in most countries
• Increasingly shared on social networks • Blurring boundaries between private and public life
Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.
Privacy Made in Google
http://current.com/shows/supernews/91659341_the-google-toilet.htm
Problems and Issues
• Publish / share once, publish / share forever • Indexing and searching
• Who “owns” and manages YOUR information (SLAs) ? Raging debates. • Whose information is it ? • Do you retain control ?
• Semantic searching capabilities
The Right to Forget
• Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)
• Traditional Media (i.e., non digital) “Memory” erodes over time • Labor and cost intensive
• Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007)
France : Legal Approach (again!)
• French Minister of Forward Planning and Development of the Digital Economy
• Public consultation on the issue… … towards a law on digital forgetfulness… Finally a “best practice” agreement
Anonymity and Privacy
• Anonymity and Privacy are fundamental to social networking • It’s not a “bug”, it’s a feature ! • It’s not schizophrenia !
• Multiple legitimate personas (e.g., work, family, communities, etc.)
• How do we deal with it in a socially-responsible and ethically sustainable way ?
• Cyber bullying (e.g., Akple in Korea) Requires traceability and accountability of information (i.e., managed information)
Key Question
• Are Privacy and personal information threatened by current social networking services ?
• We contend there is a need for Managed Personal Information • Socially-responsible and sustainable
How can we retain an acceptable (by all) level of control over our personal information ?
Proposition
• Personal Information should be augmented with a layer accounting for its management
• Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services
• We argue DRM combined with Exception Management may be a promising path towards : • Socially-Responsible management of personal information in social networks and services
(Morin, 2010)
From Identity to Personal Information
http://identityblog.com/
Argument & Discussion
• What do these Examples tell us ?
• Emerging notion of “ Informed Trust and Accountability ” : Digital Responsibility
• Cost : Major mindset change + transparency
To Summarize
• Web 2.0 has reshuffled the powers • eParticipation is here to stay • Change is happening (not something ahead of us) • Many problems have become global by nature (thus the usual institutional approaches and remedies are obsolete)
• Responsibility is emerging as a basis for sustainable digital societal evolution
• Digital Literacy is KEY in shaping the future of our now digital lives
Join the conversation...
Designing the Smart Society
Technology is a means serving practices and society. Being able to assess and evaluate the risks as well as the opportunities is key in enabling a responsible and sustainable participative, service oriented society.
In the XXI century, Digital Literacy, Critical Thinking and Participation are key elements to Design and shape the Future of our Smart society
Thank you for your interest
… Q & A Contacts:
Prof. Jean-Henry Morin University of Geneva – CUI
Institute of Services Science http://iss.unige.ch/
@jhmorin
http://ch.linkedin.com/in/jhmorin
http://www.slideshare.net/jhmorin
http://jean-henry.com/