Personal Information Agent

From MgmtWiki
Revision as of 07:01, 27 October 2020 by Tom (talk | contribs) (Context)


Full Title or Meme

Support for a personal assistant to help users control access to their personal information.

Context

  • The operating assumption on this page is that users want to delegate part of the decisions about releasing their personal data to an agent that operates solely on their behalf.
  • Another assumption is that a large majority of users would not tolerate interruptions every time some element of their personal information was accessed.
  • Relationships on the internet are mostly Asynchronous: users would like to have some privacy, but demand that organizations be fully transparent about themselves and their motives in accumulating users' personal information. This page is concerned solely with natural persons and their desire not to have all of their personal information on display to every enterprise with which they exchange information.
  • Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute assessed the degree of autonomy that people would feel comfortable giving to personalized privacy assistants (PPAs).[1] The team surveyed users on three increasingly autonomous versions of PPAs; most participants reacted positively to the first version, which would simply let users know that devices were around them, while a few said it would make them anxious. A second version that knows users' personal privacy preferences, and makes recommendations from that information, also found wide favor, while the third PPA, which would exclude users from decision-making entirely, provoked mixed reactions. CyLab's Jessica Colnago said, "We found that people are definitely interested in having some sort of assistance like that provided by a PPA, but what that assistance looks like varies across the board. In different scenarios with different people, they want different ways of interacting with the system."

Problems

  • Decentralized IDs were created to give users control of their identifiers, but at the cost of posting those identifiers on a publicly resolvable ledger. The result is that any use of the DID can be correlated with any other use of the same DID. Once sufficient correlations have been accumulated against that DID, the person is uniquely identifiable.
  • Most identifier authentication services on the web now offer a Service Endpoint that can provide information about the identifier. If users host their identifier on their smartphone, no service endpoint on that phone could always be available for query.
  • Nearly all of the privacy solutions require users to keep separate track of the identifiers used in public and private settings. This is not likely to be acceptable to the majority of users if we don't also give them an agent that can track all of their relationships and the identifier that they use for each relationship.

Solutions

Any solution that meets the context described above needs an agent that is responsible to, and trusted by, the person who owns the personal data.
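
The sketch below is an added example, not part of the original page or of any DID method. It contrasts the correlation problem of a single public DID with an agent that keeps one identifier per relationship on the user's behalf. The `RelationshipAgent` class, the HMAC-based derivation, the `pairwise:` prefix, the relying-party names and the DID value are all assumptions constructed for illustration; the page does not prescribe a mechanism.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class RelationshipAgent:
    """Hypothetical agent: keeps one identifier per relationship for the user."""

    def __init__(self, master_secret: bytes):
        self._secret = master_secret
        self._relationships = {}  # relying party -> identifier in use there

    def identifier_for(self, relying_party: str) -> str:
        """Return the identifier for this relationship, deriving it on first use."""
        rp = relying_party.strip().lower()
        if rp not in self._relationships:
            # Assumed derivation: keyed hash of the party name, so identifiers
            # for two parties share nothing without the user's secret.
            mac = hmac.new(self._secret, rp.encode("utf-8"), hashlib.sha256)
            self._relationships[rp] = "pairwise:" + mac.hexdigest()[:32]
        return self._relationships[rp]

    def relationships(self) -> dict:
        """The table the user would otherwise have to keep track of by hand."""
        return dict(self._relationships)


def correlate(observations):
    """What cooperating parties can do: group sightings by identical identifier."""
    seen = defaultdict(set)
    for party, identifier in observations:
        seen[identifier].add(party)
    return {ident: parties for ident, parties in seen.items() if len(parties) > 1}


# Constructed sample data: three relying parties and a placeholder DID.
PARTIES = ["shop.example", "clinic.example", "news.example"]
PUBLIC_DID = "did:example:123456789abcdefghi"


def run_demo(secret=None):
    agent = RelationshipAgent(secret or secrets.token_bytes(32))
    single = correlate([(p, PUBLIC_DID) for p in PARTIES])
    pairwise = correlate([(p, agent.identifier_for(p)) for p in PARTIES])
    return single, pairwise, agent


if __name__ == "__main__":
    single, pairwise, agent = run_demo()
    print("one public DID, linkable across:", single)
    print("pairwise identifiers, linkable across:", pairwise)
    print("agent's relationship table:", agent.relationships())
```

Per-relationship identifiers only remove linkage by the identifier itself; attributes released alongside them can still correlate the user, which is why the agent also has to decide what data each relationship receives.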

Personal Smartphone Agent

Web based Agent

References

  1. Daniel Tkacik, How Much Control Are People Willing to Grant to a Personal Privacy Assistant? (2020-06-18) Carnegie Mellon University CyLab Security and Privacy Institute https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-25b42x32309fx079946&