Bettina Berendt, KU Leuven
Interdisciplinary Workshop on Data Privacy 2015, Maynooth, 28/09/2015
TOMORROW'S AGENTS, TOMORROW'S SPIES:
ON TEACHING PRIVACY FROM WITHIN COMPUTER SCIENCE
A README FOR THESE SLIDES:
* REFERENCES AT THE END
* PICTURE CREDITS IN THE COMMENTS FIELD
Technology
Law
Politics
Education
On being a coach for the Pacific Rim Collegiate Cyber Defence Competition
... They are sponsoring this because they want to build tomorrow's cyber warriors today ... CIA [, SPAWAR, and Microsoft] were recruiting. ... “defend the nation”, the whole thing was framed in terms of war and attacking systems ... and the greatness of this way of thinking. ... They were ... trying to rile people up into a sort of patriotic fervor.
J. Appelbaum, in Cypherpunks, 2012
CONCERN
I HAVE NOTHING TO HIDE
“I say that whoever trembles at this moment is guilty; because innocence never fears public surveillance.”
I CANNOT DO ANYTHING
WHAT DOES THIS MEAN?
1. I GIVE YOU A SOCIALLY DESIRABLE ANSWER TO MASK MY INDIFFERENCE (ONE APPROACH: BERENDT ET AL., 2014)
2. I DON'T KNOW HOW TO SELF-DEFEND (ONE IDEA: BERENDT ET AL., 2015)
3. I DON'T UNDERSTAND THE DYNAMICS
4. I TRIED SOMETHING ONCE AND IT DIDN'T WORK. ?
5. IT'S REALLY TOO LATE. ?
LEARNED HELPLESSNESS
CYBERNETICS
"What are you doing there?"
"I am drinking,"
"Why are you drinking?"
"So that I may forget-"
"Forget what?"
"Forget that I am ashamed."
"Ashamed of what?"
"Ashamed of drinking!"
I CANNOT DO ANYTHING
BUT YOU DO THINGS ALL THE TIME!
SOME EXAMPLES
A service has to be free.
I have to make money in some other way.
Let's study this new type of economy.
I am posting this important information on FaceTwitGram only.
I should do the same (and add a selfie).
The properties of this huge graph are truly amazing – and I'll build tools to support usage.
MOOCS and learning analytics - the future of Learning?!
We can discuss the homework on WhatsThat and meet again on HangOn.
All my contacts are on WhatsThat and Pookle.
I CANNOT DO ANYTHING
QUESTIONS
• Goals
• Priorities
• Constraints
  • Financial
  • Institutional
  • ...
What can we change – in which role?
(more on this question in Berendt, Büchler, & Rockwell, 2015)
I CANNOT DO ANYTHING.
OFTEN TRUE!
BUT WE CAN.
APPROACH
(BERENDT & COUDERT, 2015)
To change their expectation and to recover the dogs from helplessness, experimenters had to physically pick up the dogs and move the legs in a close replication of the physical actions the dogs needed to take to remove themselves from the electrified grid. This had to be replicated at least 2 times before the dogs would exhibit the functional response of jumping over the barrier to get away from the electrified grid. Threats, rewards, and observed demonstrations had no observed effect in helping the dogs to independently move away from the shocks.
Context: 2 Comp.Sci. Masters courses
Privacy and Big Data (course director: Claudia Diaz)
Knowledge and the Web (course director: Bettina Berendt)
Definitions of privacy, Overview of PETs
Semantic Web + Linked Open Data
Legal issues in privacy and data protection (Fanny Coudert, N. Bertels)
Ontology mapping
Database anonymization: K-anonymity, l-diversity, t-closeness; de-anonymization attacks
Data quality
Differential privacy
Knowledge Discovery, Web Mining
Big Data, AI, and privacy
Data mining and privacy, privacy-preserving DM
Data mining and discrimination, discrimination-aware DM
Privacy Impact Assessment (PIA) and Design Advice
“5 steps to PbD”
PaBD students
KaW students
Develop data-analysis project
Specify an app
Feedback
PIA and Design advice (text)
Oral presentation
Feedback
Finalise data-analysis project, describe (briefly) approach to privacy problems
Example data-analysis design
Drinking is Belgium’s favorite pastime activity, survey finds
A recent survey asked 20 regular pubgoers for their hobbies. The result: Almost all of them answered that the later the evening, the more likely they are to be in a pub! Parents and doctors are in shock. A concerned citizen raised the question whether this was a representative study, but was dismissed by the organization that paid for the study.
Stakeholders
• Concerned citizen […]
• Doctors […]
• Parents […]
• Pubgoers […]
Hypothesis
The pubgoers wonder if their pubgoing habits are common or not. They want to know whether other people are also more likely to be in pubs as the evening progresses.
Data
The public Foursquare API allows us to retrieve much of the data we need. The Venues endpoint supports querying the amount of people currently checked in in a venue. If we monitor the most popular bars at a certain location, […]
Example app design
The pub goers' health is the first concern of our app and we want to help them keep track of their activities. By installing our app, the pub goer will receive an alert if his/her behaviour is risky, for example if the person goes to a pub more than 3 days a week the person receives a warning. In addition this app will help different organizations which study the behaviour of the pub goers to have a more representative population and as a result their study would reach to a less biased conclusion which is good for everyone in the society. And at last, the app will give parents the means to have a better guidance over their children.
For this purpose, an app in foursquare developer environment will be created to be connected to the participant's foursquare account. Then, he/she will be asked to authorize this app on his smartphone’s foursquare app. Whenever the user goes to a pub the app checks him/her in automatically, the app will send the info of the user to the server. By comparing the user’s location with the different pubs and analysing the data, it can be seen how the participant's trend of behaviour is popular in the city and among pub goers.
Updated stakeholders:
Stakeholder 1: The pubgoers
Stakeholder 2: The third party companies that receive the anonymized data from the main research company.
Stakeholder 3 (app designer): The research company that conducts the research by developing the app
Stakeholder 4 (external parties): parents
Guidelines for initial privacy impacts assessment and related design advice (excerpts)
1) Describe information flows
2) Identify the drivers each party (the different stakeholders) has in disclosing, collecting, using, sharing the information
3) Identify how the app will impact individuals’ privacy (describe briefly what kind of problem can arise). You can give a “story”, e.g. a possible misuse case. […] take into account two elements: (1) the privacy expectation of the individual whose data is being processed and (2) the purpose for which the data is being processed (goals of your application).
4) How would you advise developers to limit the impact on individuals’ privacy?
• Data minimization:
  • How do you limit data collection to what is strictly necessary for the purpose of the processing?
  • Do you anonymize the data and how?
• Use limitation (further uses):
  • In relation to the inferences drawn from the data (generation of new knowledge), to what extent does this use of the data align with the consent initially given by individuals (reasonable expectations of individuals)?
Anonymization
Encryption
Privacy-preserving data mining
I build a system.
This makes me have expectations of privacy.
I provide a data analysis that enables this system.
The system (and my expectations and behaviour) have impacts on my privacy.
Example analysis and advice
Conclusions, limitations, outlook
- Good presentations & discussions, much insight gained
- Analysis not perfect, data flows a bottleneck
- Early modelling choices could be privacy-unfriendly & sticky
- Method a bit “discursive” for engineers?!
- Also tried with CS practitioners, fixed case study, consultants only (Pagona Tsormpatzoudi, PRIPARE)
- Future: use that approach also in class
PRIVACY BEGINS AT HOME
Title / Assignment (proposal)
Crypto Wars (Helmut & Bernhard)
Develop ideas for how a teaching unit on the Crypto Wars could be designed.
Encrypted chats (Andreas Gra)
Develop ideas for a teaching unit on end-to-end encrypted communication with messengers.
I can't do anything – yes, you can! (Bettina)
What realistic options for action and responsibilities are there? How can students and teachers be made aware of them?
Tying it all together - The missing links (Alexander)
What is missing?
Big Data (Andreas Gri)
How does Big Data affect us? What can that mean for teaching?
Data collection industry and fundamental rights (Gebhard)
How can we treat this topic adequately in (especially computer science) teaching? How should materials be adapted where necessary? How do we deal with the challenge of this topic's interdisciplinarity?
PS: We managed to solve this within 8 days after the workshop (and learned lots in the process) – work is ongoing
?
Technology
Law
Politics
Education
REFERENCES
p. 7: Thanks to Geoffrey Rockwell for the inspiration to use this slide in such a context: Rockwell and Sinclair (2014). Watching out for the Olympians! Reading the CSEC Slides. Paper submitted for review. An early draft can be found at http://theoreti.ca/?p=5057
p. 9: Assange, J., with Appelbaum, J., Müller-Maguhn, A., & Zimmermann, J. (2012). Cypherpunks. Freedom and the Future of the Internet. OR Books.
p. 16: Berendt, B., Dettmar, G., Demir, C., & Peetz, T. (2014). Kostenlos ist nicht kostenfrei. oder: If you're not paying for it, you are the product. LOG IN, 178/179, 41-56. http://people.cs.kuleuven.be/%7Ebettina.berendt/Papers/berendt_dettmar_demir_peetz_2014.pdf
p. 17: Berendt, B., Dettmar, G., Esslinger, B., Gramm, A., Grillenberger, A., Hug, A., & Witten, H. (2015). Datenschutz im 21. Jahrhundert - Ist Schutz der Privatsphäre (noch) möglich? [Data protection in the 21st century - is the protection of privacy (still) possible?] In J. Gallenbacher (Ed.), Informatik allgemeinbildend begreifen. INFOS 2015; 16. GI-Fachtagung Informatik und Schule. Darmstadt, Germany, 20-23 September, 2015 (pp. 33-42). Lecture Notes in Informatics (LNI), Gesellschaft für Informatik, Bonn. http://www.infos15.de/GI_Proceedings_Band-249_incl.pdf
p. 20: The classical experiment on Learned Helplessness is Seligman, M.E. & Maier, S.F. (1967). Failure to escape traumatic shock. Journal of Experimental Psychology, 74(1), 1-9.
p. 22: Antoine de Saint-Exupéry. The Little Prince.
p. 30: Berendt, B., Büchler, M., & Rockwell, G. (2015). Is it research or is it spying? Thinking-through ethics in Big Data AI and other knowledge sciences. Künstliche Intelligenz, 29(2), 223-232. http://people.cs.kuleuven.be/~bettina.berendt/Papers/berendt_buechler_rockwell_KUIN_2015.pdf
p. 32: Berendt, B. & Coudert, F. (2015). Privatsphäre und Datenschutz lehren - Ein interdisziplinärer Ansatz. Konzept, Umsetzung, Schlussfolgerungen und Perspektiven. [Teaching privacy and data protection - an interdisciplinary approach. Concept, implementation, conclusions and perspectives.] In Neues Handbuch Hochschullehre. [New Handbook of Teaching in Higher Education] (EG 71, 2015, E1.9) (pp. 7-40). Berlin: Raabe Verlag.
p. 34: cited from https://en.wikipedia.org/wiki/Learned_helplessness, 26 September 2015.
p. 39: Coudert, F.; Berendt, B. (2014): Guidelines for initial privacy impact assessment and related design advice. http://people.cs.kuleuven.be/~bettina.berendt/teaching/kaw/guidelines.pdf; see also the extensive treatment in Wright, D. & De Hert, P. (Eds.) (2012). Privacy Impact Assessment. Berlin etc.: Springer. Law, Governance and Technology Series 6.