kosa - theory for privacy measuring v2
TRANSCRIPT
Why Privacy?
Discipline Specificity
Problem
● Research across disciplines suffers because there is no unified mechanism for measurement
● Computer science has focused on policy enforcement, ontologies and taxonomies
● Nobody looks at individual privacy preferences in a given environment, which is the basis for legislation
– And also how requirements must be derived
2 Examples
● Facebook
● Twitter
People on Facebook
Versus
Hypothesis
● Disregarding the value-based approach to privacy, it's possible to derive a finite representation based on discrete factors
● The representation can be used to understand privacy better across disciplines
– Standardization
– Measurement
– Management
Theoretical Framework
● Scientific / mathematical determinism
● Plus.
The States
1) Private: existence is unknown
2) Unidentified: presence is known
3) Anonymous: information known but no identity
4) Masked: identity linkage is concealed
5) De-identified: identity is not directly linked
6) Pseudonymous: identity is falsified
7) Confidential: identity is known for a specific purpose
8) Identified: capable of being distinguished
9) Public: everything is known and assigned
Factors
● Human: considerations when privacy decisions are made
● Technology: services that computers perform related to information management
● Data Types: types of identifiable information
● Recipient: machine v. human
● Architecture: characteristics of the physical environment
Human
● Human privacy rules are specific to the establishment; they are reflected in the physical structure and properties of society
● Each individual has a social contact threshold which determines how they exercise their privacy rights
● Examples:
– Subject matter of the object
– Control of disclosure, information, audience
– Social structure and condition
– Visibility
– Expectations
Data Types
● The notion of privacy as information protection is well represented in legislation and regulation across the world
● Less widely used is the notion of identifiability: data exists that may or may not include the traditional identifiers, e.g. name, but may still uniquely identify a person
● What is more private: a phone number or a prescription?
Technology
● Computers are generally accepted to be an effective tool for information management; used to acquire, organize, retrieve, search and maintain information
● This happens increasingly without human intervention
● When it comes to managing information about an identifiable person, there are a discrete number of functions that computers can provide
● Examples:
– Network, hosting, registration, mail, website/portal, software, backup
Proposed Formalization
1) $S_n = w_H f(H) + w_D f(D) + w_T f(T)$
2) $f(\mathrm{Factor}) = w_1 F_1 + w_2 F_2 + \dots + w_n F_n$
3) The more positive the individual factors, the higher the total result of the factor set, and the more likely the individual is to move to a lower state of privacy, $S_m > S_n$
Transitions
● Forward
– I disclose about me, my objects
– You disclose about me, my objects
● Backward
– information redaction
– information protection
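The weighted-sum formalization and the forward/backward transitions above, as an added worked example that is not part of the slides: the state order (1 = Private ... 9 = Public, so a larger index is a lower state of privacy), the illustrative sub-factor and factor weights, the [0, 1] range for sub-factor values, the normalisation of the score, and the equal-width mapping of the score onto the nine states are all assumptions made here, since the slides give only the shape of the formula.

```python
"""Added example (not from the slides): a toy implementation of the
proposed formalization, S_n = w_H f(H) + w_D f(D) + w_T f(T) with
f(Factor) = w_1 F_1 + ... + w_n F_n, plus forward/backward transitions.

Assumptions, none of which the slides specify: every sub-factor value
F_i is in [0, 1] (0 = nothing disclosed, 1 = fully disclosed), the
weights are illustrative, scores are normalised to [0, 1], and the
score is mapped onto the nine states by equal-width bands.
"""
from copy import deepcopy

# Slide order: 1 = Private ... 9 = Public.  A higher index is a lower
# state of privacy, the direction the slides write as S_m > S_n.
STATES = [
    "Private", "Unidentified", "Anonymous", "Masked", "De-identified",
    "Pseudonymous", "Confidential", "Identified", "Public",
]

# Illustrative sub-factor weights (assumed).  The data weights echo the
# slide's question "what is more private: a phone number or a prescription?"
HUMAN_W = {"control_of_disclosure": 1.0, "visibility": 1.0, "audience": 1.0}
DATA_W = {"name": 2.0, "phone": 1.0, "prescription": 3.0}
TECH_W = {"website_portal": 1.0, "mail": 1.0, "backup": 1.0}
SUB_W = {"H": HUMAN_W, "D": DATA_W, "T": TECH_W}
FACTOR_W = {"H": 1.0, "D": 2.0, "T": 1.0}  # w_H, w_D, w_T (assumed)


def factor_score(weights, values):
    """f(Factor) = (w_1 F_1 + ... + w_n F_n) / sum(w).

    Dividing by the weight total keeps the result in [0, 1] whenever every
    F_i is in [0, 1].  Sub-factors not mentioned in `values` count as 0.
    """
    for key, val in values.items():
        if key not in weights:
            raise KeyError(f"unknown sub-factor {key!r}")
        if not 0.0 <= val <= 1.0:
            raise ValueError(f"sub-factor {key!r} must be in [0, 1]")
    total = sum(weights.values())
    return sum(w * values.get(k, 0.0) for k, w in weights.items()) / total


def state_score(subject):
    """S_n = (w_H f(H) + w_D f(D) + w_T f(T)) / (w_H + w_D + w_T)."""
    num = sum(FACTOR_W[n] * factor_score(SUB_W[n], subject.get(n, {}))
              for n in FACTOR_W)
    return num / sum(FACTOR_W.values())


def state_of(score):
    """Map a normalised score onto state 1..9 (assumed equal-width bands)."""
    score = min(max(score, 0.0), 1.0)
    return min(int(score * len(STATES)) + 1, len(STATES))


def state_name(index):
    return STATES[index - 1]


def disclose(subject, factor, key, value=1.0):
    """Forward transition: I (or you) disclose something about me."""
    new = deepcopy(subject)
    new.setdefault(factor, {})[key] = value
    return new


def redact(subject, factor, key):
    """Backward transition: information redaction or protection."""
    return disclose(subject, factor, key, 0.0)


def direction(before, after):
    """'forward' when the state index rises (S_m > S_n), else 'backward'/'none'."""
    a = state_of(state_score(before))
    b = state_of(state_score(after))
    return "forward" if b > a else "backward" if b < a else "none"


def demo():
    """Constructed walk through the states; returns the state names visited."""
    s0 = {}                                     # nothing known: Private
    s1 = disclose(s0, "D", "name")              # I disclose my name
    s2 = disclose(s1, "T", "website_portal")    # it is hosted on a portal
    s3 = disclose(s2, "D", "prescription")      # you disclose my prescription
    s4 = redact(s3, "D", "prescription")        # redaction moves back
    return [state_name(state_of(state_score(s))) for s in (s0, s1, s2, s3, s4)]


if __name__ == "__main__":
    print(" -> ".join(demo()))
```

The point the toy makes is the one in item 3 of the formalization: adding disclosures can only raise the score (every weight is positive), so forward transitions are monotone, and a redaction of the same sub-factor returns the subject to exactly the earlier state. Which state a given score lands in depends entirely on the assumed band mapping, which is the part of the model the slides leave open.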
Questions For You
● How do people make decisions?
● Specifically in social situations?
● How does space change behaviour?
● Any suggestions for testing?
● What are the other disciplines that talk about space, privacy, representation of self?
● Suggestions on theoretical frameworks?
An Offer