Trust and the web veria 11 12- 09
1. Trust and the Web George Metakides Veria December 11 2009
2. Trust underlies the foundations of Civilization Agricultural Industrial Information…. 21st 19th-20th 15th 3000 B.C. Writing Electricity Telephony Television Printing Internet
3. Cryptography: Security (how to tell a secret) The Caesar Cipher abcdefghijklmnopqrstuvwxyz k=4 defghijklmnopqrstuvwxyzabc DwwdfnQrz (Suetonius: De Vita Caesarum, 2nd cent. A.D.)
4. Electricity: Safety 1880 First Applications (factories) Few houses (lighting) Lack of Trust! 1920 Invasion of households (appliances) Integrated everywhere «Reasonable» trust Today The Internet/Web is around… 1900!
5. Cryptography (how to tell a secret) The Caesar Cipher abcdefghijklmnopqrstuvwxyz k=4 defghijklmnopqrstuvwxyzabc DwwdfnQrz (Suetonius: De Vita Caesarum, 2nd cent. A.D.)
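Added example, not part of the original slides: the Caesar cipher from the slide above in Python. It derives the shift from the two alphabet rows as printed (d sits under a, an offset of three positions), decrypts the slide's ciphertext, and enumerates every candidate plaintext to show that the whole key space is 26 shifts. All function names are illustrative.

```python
import string

# The two alphabet rows and the ciphertext exactly as printed on the slide.
PLAIN_ROW = "abcdefghijklmnopqrstuvwxyz"
CIPHER_ROW = "defghijklmnopqrstuvwxyzabc"
SLIDE_CIPHERTEXT = "DwwdfnQrz"


def shift_from_rows(plain_row, cipher_row):
    """Return the rotation that turns plain_row into cipher_row, or raise."""
    if plain_row != string.ascii_lowercase or len(cipher_row) != 26:
        raise ValueError("expected the 26-letter alphabet and a 26-letter row")
    shift = (ord(cipher_row[0]) - ord("a")) % 26
    if plain_row[shift:] + plain_row[:shift] != cipher_row:
        raise ValueError("cipher row is not a rotation of the alphabet")
    return shift


def caesar(text, shift):
    """Shift letters by `shift` positions, keeping case; other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def decrypt(text, shift):
    """Undo a Caesar shift by shifting the same distance backwards."""
    return caesar(text, -shift)


def all_candidates(ciphertext):
    """Every possible decryption: a reader can simply try all 26 shifts."""
    return {k: decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    k = shift_from_rows(PLAIN_ROW, CIPHER_ROW)
    print("shift read from the slide's rows:", k)
    print("plaintext:", decrypt(SLIDE_CIPHERTEXT, k))
    for key, candidate in all_candidates(SLIDE_CIPHERTEXT).items():
        print(f"{key:2d} {candidate}")
```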
13. Security in Converged Networks (inherited problems / inherited solutions?) Multi Play Multi Play a la carte Eavesdropping Masquerading VoIP ISPs CABLE MOBILE NETWORKS FIXED NETWORKS VNOs NGN/IMS Denial of Service Service fraud
43. The Economics of Safety! Safety metrics? Safety “Seal of Approval” What is “satisfactory”?
45. Issues at stake Network Security – Threats System Safety – Software Privacy –Personal Data
46. Privacy and Personal data Companies: Customer profiling Governments: Service provision and … Google street, Webcams, Facebook, You Tube … Options for users (opt-in / opt-out) Data retention Data deletion New legislation
48. Investing in Security How much should organizations spend on information security? Governments, vendors say: much more than at present (But they’ve been saying this for 20 years!) Measurements of security return-on-investment suggest current expenditure may be about right! “Negative” incentives just starting (regulatory framework, fines). Benefits for early adopters elusive.
49. Security Market ROI + - Coming…. Liability as an Incentive Class actions? We are here
50. But Reality is pressing! Internet security Code red; ICT Systems Security; Economic cyber-espionage enters the Top 3 threats; Major web flaw, and a fix on the way; Cyberwar and real war collide in Georgia; Revealed: 8 million victims in the world's biggest cyber heist; Critical infrastructures open to attack, says study; YouTube case opens can of worms on online privacy; Privacy; Anger among civil-society groups mounts against Edvige, the police file of personal data; Phorm to use BT customers to test precision advertising system on net (Aug); Google To Slice Existing 18 Month Data Retention Period In Half; Big Brother Spying on Americans' Internet Data?; Trust; The dangers of cloud computing; Lesson From a Crisis: When Trust Vanishes, Worry; Internet key to Obama victories (Apr); Article 29 Working Party of EDPOs: the EU’s Data Protection Directive generally applies to the processing of personal data by search engines, even when their headquarters are outside the EU
51. Trust and Society Trustworthy systems and practices play an important role in our democratic society: legal code, institutions, moral code, reliable technology, … It took generations to build our democratic values – Europe must nurture them into the digital age.
52. EU Legal framework on Data protection and Privacy and Technology DP Directive: 95/46/EC, Privacy Directive: 2002/58/EC Personal Data: information relating to an identified or identifiable person Scope: Material: which information and processes addressed Personal: which roles (data controller, processor, subject) Territorial: applicable law, cross-border data transfer Issues: Linked data, smart data mining and Personal Data Accountability and transparency of controller and processor; need for technology support Risk assessment and user control, need for technology support
61. Auditing and Law enforcement Policy & Regulation Security, Privacy, Trust Interplay in the Information Society
62. Game Machine DVC STB TV PC Audio DVD Telephone Smart Space Energy Networks Future Internet Digital Living eHealth & Health networks Transport Networks Trusted & Smart “everything”
63. RISEPTIS Advisory Board Research and Innovation in SEcurity, Privacy and Trustworthiness in the Information Society Objective: provide visionary guidance on policy and research challenges in the field of security and trust in the Information Society. Chair: George Metakides (U Patras, CTI) Members: Dario Avallone (Engineering), Giovanni Barontini (Finmeccanica), Kim Cameron (Microsoft), William Dutton (Oxford Internet Institute), Anja Feldmann (Deutsche Telekom), Laila Gide (Thales), Carlos Jimenez (Secuware), Willem Jonker (Philips), Mika Lauhde (Nokia), Sachar Paulus (U. Brandenburg, ISSECO), Reinhard Posch (CIO GOV. Austria, TU Graz, A-SIT), Bart Preneel (KU Leuven), Kai Rannenberg (U. Frankfurt, CEPIS), Jacques Seneca (Gemalto); Observer: Peter Hustinx (Observer) Support: Willie Donnelly (WIT), Keith Howker (WIT), Sathya Rao (Telscom), Michel Riguidel (ENST), Neeraj Suri (U. Darmstadt) Jacques Bus, Thomas Skordas, Dirk van Rooy (EC)
64. RISEPTIS Mission and Objectives Mission: develop a European vision on research and policy for trustworthiness in the future Information Society Policy http://www.think-trust.eu/riseptis.html Research Personalised Services Future Internet Trustworthiness Input to: Two sides: “User Centricity”: From Principles to Action!
68. Recommendation 2: The EC should support concrete initiatives that bring together technology, policy, legal and social-economic actors for the development of a trustworthy Information Society. Trust and Trustworthiness is the basis for economic and social transaction It will facilitate economic growth and a stable society Transpose old social values into digital space, by building platforms and tools to help citizens, enterprises and public organisations to measure trust, control assets and data Partnership for “Trust in Digital Life” initiated by Gemalto, Microsoft, Nokia and Philips
69. Recommendation 3: The EC, together with the Member States and industrial stakeholders, must give high priority to the development of a common EU framework for identity and authentication management Federative, based on MS’s eID systems Compliant with legal framework on data protection and privacy Based on “Laws of Privacy” (user control, minimal disclosure constraint use, justifiable parties, …) Facilitating full spectrum: public admin, banking with strong authentication simple web activities in anonymity
70. Recommendation 4: The EC should work towards the further development of the EU data protection and privacy legal frameworks as part of an overall consistent ecosystem of law and technology Data breach notification extended Definition of personal data Strengthen accountability & transparency tools Consider consumer & liability laws Part of an overall policy that should be closely interlinked with technology progress Continuity, usability, trustworthiness and user-centric privacy protection are essential
71. Recommendation 5: The EC together with industrial and public stakeholders should develop large-scale actions towards building a trustworthy Information Society Europe has: long-established social trust, scientific and technology capacities well-developed industrial and service structures Large-scale projects are needed to take advantage of these strengths Develop a techno-legal ecosystem for trust, security and privacy, that is amenable globally
72. Recommendation 6: The EC should recognise that, in order to be effective, it should address the global dimension and foster engagement in international discussions Global Open Standards Federated frameworks for interoperability (travel and ID) Global Law Enforcement in the Internet Consumer protection for use of global e-services Privacy and data protection in global data exchange With respect for local cultures
73. Trustworthiness An Interdisciplinary Approach Internet/Web Engineering SW Systems Networks Critical Infrastructures Citizens Society Regulation Multi-disciplinary! Trustworthiness and Web Science
121. The role of security and privacy Photo Credit Yuri Arcurs
122. Trust 101 X trusts Y Meaningless: trust can only be understood in the context of trustworthiness Trustworthiness is a property of Y Y is trustworthy = she represents her intentions and motivations accurately Trust is an attitude of X X trusts Y = X believes that Y is trustworthy Trust is a 3-way relation – includes a context X trusts Y to do P
123. The Disconnect X benefits from Y being trustworthy BUT only controls his trust Y benefits from X’s trust BUT only controls her trustworthiness Fundamental, ineradicable uncertainties of cooperative behaviour
124. The Essential Problem of Trust NOT: How can we increase trust? BUT: How can we causally connect trust and trustworthiness so that we trust someone if and only if they are trustworthy?
126. 3 Sources of Uncertainty Y sends signals of her trustworthiness Are the signals accurate? Is Y gaming the signal system? Period of time between X investing resources and Y delivering performance X cannot act until Y is proven to have defected Possibility of X applying sanctions to Y Will sanctions be effective? Can X apply them to Y? All these three exacerbated by the Web Connected world by jvwarehouse on Photobucket
127. Signalling on the Web Dramatic reduction in bandwidth compared to offline transactions New conventions, not widely understood Trust distributed across many types of agent Human Software agent Website Organisation Distributed coalition Knowledge source Protocol Infrastructure Image technexus.com
128. Time on the Web Digital information can be copied or transferred at speed of light E-crime is instantaneous Reputation information is backward-facing Provides no certainty about future behaviour World At Work by Theo Deutinger
129. Sanctions on the Web Uncertain identity Uncertain jurisdiction Fewer repeat transactions More one-shot interactions
130. Content on the Web Provenance – what, who, when and where Much valuable content is authorless What is the role of government public data and what is its value? Web Science research issue: Does open public data increase trust?
131. Online Institutions Traditional Solutions Physical Institutions Reputation management Note: Solutions can only be partial Decentralised Web makes institutions hard to set up Problems of enforcement Online institutions also suffer from problems of jurisdiction, low bandwidth (compared to offline) Systemic risk Usability issues (e.g. PKI) Web Science research issue: how to design institutions for certifying trustworthiness and promoting trust
132. Online Reputation Assembly of historical data How to stop changes of identity How to interpret ratings Is the reputation for the buyer’s convenience? He uses historical data to estimate future trustworthiness Uncertain Is it for the seller’s convenience? She wants to preserve her reputation Only works if she wants to interact again in the future Web Science research issue: how best to represent and manage reputation, and understand its significance for buyer and seller
133. The Dark Side Not all trust is good Criminal fraternity have low-risk solutions to trust problem Auction sites for selling identities, credit cards etc Fast assembly of short-term criminal coalitions Web Science research issue: how can we disrupt trust (increase mistrust) in degenerate systems
134. Which Way Round? Does trustworthiness cause trust? Y proves her trustworthiness via certificates, behaviour, qualifications etc Weber Does trust cause trustworthiness? X trusts Y and accepts her into his moral community Y learns trustworthy behaviour Durkheim Web Science research issue: understand the causal direction of the relation
135. Changes in Attitude early Web: trust => trustworthiness Assumption of good faith Knowledge sharing tool middle Web: trustworthiness => trust E-commerce Security/identity infrastructures Current Web: trust <=> trustworthiness Elements of both Social networking Generational issues
136. Role of Web Science Clearly a problem with social and technological aspects How does offline behaviour transfer to the Web? How do we cope with the lowered information bandwidth? What new forms of behaviour have arrived? How can infrastructure be designed? Usability Effectiveness
138. develop the framework and institutions needed to govern interactions in the digital ecology
140. Trust: a Web Science Perspective Understanding trust in the age of the Web is about Technology Sociology Psychology Economics Law It is about Web Science
141. Technology evolutions New generations of threats to trust as well! Fiber optics: High data-rate & Massive (flows, data, services) Radio: Pervasive: Ubiquity => cooperation Software: Diversity => Complex, heterogeneous Linked Data / Semantic Search Peer to Peer / Cloud
142. Governance, Management issues Trust Management Designing security policies and process -- Identity Management (Multiple identities?) Data Archive: auditability, signature of contracts Communication: security of exchanges Software Threats and Vulnerability Management Monitoring activities and events Benchmarking Supervision, observation, Recording: Measuring!
There is really a fourth aspect – it is the nature of the content of the trust transaction – if it is a product or process, material or process. Some reference to nature of content in the trust relationship is needed and this allows discussion of open gov public data
The image is from the eBay reputation system
I think we have a mixed regime now – the biconditional is the ideal future architecture but generally at the moment it holds one way or the other over particular transactions