Lift Asia09 Morin
Lift Asia, Sept 16-17, 2009
Lift Asia 09 Jeju, Korea
Jean-Henry Morin
University of Geneva – CUI
Dept. of Information Systems
http://jean-henry.com/
J.-H. Morin
New Media Warrants New Thinking
© Chappatte in "Le Temps" (Geneva), Jan 21, 2006
How did we get here… … a dystopian scenario ?
http://www.flickr.com/search/?q=DRM
Remix and ©
Mannie Garcia, 2006 VS Shepard Fairey
Universal Music VS dancing toddler
Where did we go wrong?
• Where did User Experience go ?
• Where did Superdistribution go ?
• Where are the innovative Business Models, the Real-time Marketers, etc. ?
• Did DRM curb those it was meant to ?
• Wasn’t DRM supposed to be an enabler ?
Can we finally make DRM “FUN” (i.e., User Friendly ;-) ?
• Assuming :
  • DRM is likely to stay and be needed (managed content)
  • Absolute security is neither achievable nor desirable
• Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes)
• Most users aren’t criminals
• We needed to take a step back to :
  • Critically re-think DRM
  • Reconsider the debate outside the either/or extremes of total vs. no security
  • Re-design DRM from ground up
Rethinking & Redesigning DRM
• Acknowledge the Central role of the User and User Experience
  • Reinstate Users in their roles & rights
  • Presumption of innocence & the burden of proof
• Fundamental guiding principle to Rethink and Redesign DRM : Felten’s “Copyright Balance” principle (Felten, 2005)
  “Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”
• Claim and Proposition :
  • Put the trust back into the hands of the users
  • Reverse the distrust assumption
  • Requires a major paradigm shift
Rethinking & Redesigning DRM (cont.)
• Exception Management in DRM environments, mixing water with fire ? Not necessarily !
• Reversing the distrust assumption puts the user “in charge”, facing his responsibilities
• Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring
• Use Credentials as tokens for logging to detect and monitor abuses
• Credentials are Revocable in order to deal with abuse and misuse situations
• Mutually acknowledged need for managed content while allowing all actors a smooth usability experience
(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
Exception Management in DRM Environments
• What is an Exception ?
  • A claim made by a user wishing to rightfully access / use content
  • Based on « real world » credential patterns
• Delegation model based on chained authorities
  • Credential authorities closer to the users
  • Locally managed and held by users (credential store)
  • Short lived or fixed life time
  • Revocable
  • Late binding (enforcement point)
• Model is auditable for abuse and includes revocation capabilities
  • Burden of proof on the party having a justifiable reason to claim abuse (presumption of innocence)
  • Monitoring in near real time of security policies
(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
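The exception model on this slide, sketched as an added Python example (not code from the talk or from the cited papers): a chained authority issues a revocable credential, and an enforcement point checks it at claim time, logs every claim, and grants a short-lived license. The class names, the 300-second lifetime, and HMAC standing in for a signature scheme (the enforcement point reads authority keys only because this is a single-process model) are assumptions made for the illustration.

```python
import hashlib
import hmac

# Illustrative model; names, TTL and HMAC-as-signature are assumptions.
def mac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class Authority:
    """Credential authority; a local one is delegated by its parent."""
    def __init__(self, name, key, parent=None):
        self.name, self.key, self.parent = name, key, parent
        self.delegation = mac(parent.key, name) if parent else None
        self.revoked = set()  # revoked credential ids or child authority names

    def trusted(self):
        node = self
        while node.parent is not None:  # walk the chain up to the root
            good = hmac.compare_digest(node.delegation, mac(node.parent.key, node.name))
            if not good or node.name in node.parent.revoked:
                return False
            node = node.parent
        return True

    def issue(self, cred_id, user, expires):
        tag = mac(self.key, f"{cred_id}|{user}|{expires}")
        return {"id": cred_id, "user": user, "expires": expires, "issuer": self, "mac": tag}

class EnforcementPoint:
    """Late binding: the credential is evaluated when the claim is made."""
    LICENSE_TTL = 300  # seconds; an assumed value for "short lived"
    def __init__(self):
        self.audit_log = []  # every claim is logged, granted or not

    def claim_exception(self, cred, content, now):
        issuer = cred["issuer"]
        tag = mac(issuer.key, f'{cred["id"]}|{cred["user"]}|{cred["expires"]}')
        checks = [("bad-credential", not hmac.compare_digest(cred["mac"], tag)),
                  ("untrusted-authority", not issuer.trusted()),
                  ("revoked", cred["id"] in issuer.revoked),
                  ("expired", now >= cred["expires"])]
        reason = next((r for r, failed in checks if failed), "granted")
        self.audit_log.append((now, cred["id"], cred["user"], content, reason))
        lic = {"content": content, "user": cred["user"], "valid_until": now + self.LICENSE_TTL}
        return lic if reason == "granted" else None

# Constructed sample: a root authority delegates to a local desk that vouches for alice.
root = Authority("university", b"root-key")
desk = Authority("library-desk", b"desk-key", parent=root)
cred = desk.issue("cred-1", "alice", expires=1000)
```

Calling `EnforcementPoint().claim_exception(cred, "lecture.pdf", now=100)` returns a license valid until 400; after `desk.revoked.add("cred-1")` the same claim is refused and logged as `revoked`.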
A “Serious” problem in Social Networks and Services
Socially-Responsible Management of Personal Information
• Personal Information
• Different from Personally Identifying Information (PII)
  • Subject to legal frameworks in most countries
• Increasingly shared on social networks
  • Blurring boundaries between private and public life
Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.
Problems and Issues
• Publish / share once, publish / share forever
  • Indexing and searching
• Who “owns” and manages YOUR information (SLAs) ? Raging debates.
  • Whose information is it ?
  • Do you retain control ?
• Semantic searching capabilities
The Right to Forget
• Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)
• Traditional Media (i.e., non digital) “Memory” erodes over time
  • Labor and cost intensive
• Digital Media requires explicit human intervention to “make forget” information (Rouvroy, 2007)
Anonymity and Privacy
• Anonymity and Privacy are fundamental to social networking
  • It’s not a “bug”, it’s a feature !
  • It’s not schizophrenia !
• Multiple legitimate personas (e.g., work, family, communities, etc.)
• How do we deal with it in a socially-responsible and ethically sustainable way ?
• Cyber bullying (e.g., Akple in Korea)
Requires traceability and accountability of information (i.e., managed information)
Key Question
• Are Privacy and personal information threatened by current social networking services ?
• We contend there is a need for Managed Personal Information
  • Socially-responsible and sustainable
How can we retain an acceptable (by all) level of control over our personal information ?
Proposition
• Personal Information should be augmented with a layer accounting for its management
• Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services
• We argue DRM combined with Exception Management may be a promising path towards :
  • Socially-Responsible management of personal information in social networks and services
(Morin, 2009)
Conclusion
• Can DRM “go green” before we all “go dark” ?
• If so, we might be able to address some “Serious” societal issues while having “Fun” along the way !
Security is bypassed not attacked
Inspired by Adi Shamir, Turing Award lecture, 2002
Thank you for your attention