© 2025 SURF
In this paper we explore the extent to which privacy enhancing technologies (PETs) could be effective in providing privacy to citizens. The rapid development of ubiquitous computing and ‘the internet of things’ is leading to Big Data and the application of Predictive Analytics, effectively merging the real world with cyberspace. The power of information technology is increasingly used to provide personalised services to citizens, leading to the availability of huge amounts of sensitive data about individuals, with potential and actual privacy-eroding effects. To protect the private sphere, deemed essential in a state of law, information and communication technology (ICT) systems should meet the requirements laid down in numerous privacy regulations. Sensitive personal information may be captured by organizations, provided that the person providing the information consents to it being gathered, and it may only be used for the express purpose for which it was gathered. Any other use of information about persons without their consent is prohibited by law, legal exceptions notwithstanding. If regulations are properly translated into written code, they will be part of the outcomes of an ICT system, and that system will therefore be privacy compliant. We conclude that privacy compliance in the ‘technological’ sense cannot meet citizens’ concerns completely, and should therefore be augmented by a conceptual model that makes privacy impact assessments at the level of citizens’ lives possible.
This paper argues that online privacy controls are based on a transactional model of privacy, leading to a collective myth of consensual data practices. It proposes an alternative based on the notion of privacy coordination as an alternative vision, and realizing this vision as a grand challenge in Ethical UX.
This project researches risk perceptions about data, technology, and digital transformation in society, and how to build trust between organisations and users to ensure sustainable data ecologies. The aim is to understand the user’s role in a tech-driven environment and her perception of the resulting relationships with organisations that offer data-driven services and products. The discourse on digital transformation is productive but does not truly address the user’s attitudes and awareness (Kitchin 2014). Companies are not aware enough of the potential accidents and resulting loss of trust that undermine data ecologies and, consequently, forfeit their beneficial potential. Facebook’s Cambridge Analytica situation, for instance, led to 42% of US adults deleting their accounts and the company losing billions. Social, political, and economic interactions are increasingly digitalised, which brings hands-on benefits but also challenges privacy, individual well-being and a fair society. User awareness of organisational practices is of heightened importance, as vulnerabilities for users equal vulnerabilities for data ecologies. Without transparency and a new “social contract” for a digital society, problems are inevitable. Recurring scandals about data leaks and biased algorithms are just two examples that illustrate the urgency of this research. Properly informing users about an organisation’s data policies makes a crucial difference (Accenture 2018), and to develop sustainable business models, organisations need to understand what users expect and how to communicate with them. This research project tackles this issue head-on. First, a deeper understanding of users’ risk perception is needed to formulate concrete policy recommendations aiming to educate and build trust. Second, insights about users’ perceptions will inform guidelines.
Through empirical research on framing in the data discourse, user types, and trends in organisational practice, the project develops concrete advice, for users and practitioners alike, on building sustainable relationships in a resilient digital society.
The goal of UPIN is to develop and evaluate a scalable distributed system that enables users to cryptographically verify and easily control the paths through which their data travels across an inter-domain network like the Internet, both in terms of router-to-router hops and in terms of router attributes (e.g., their location, operator, security level, and manufacturer). UPIN will thus provide a solution to a very relevant and current problem, namely that it is becoming increasingly opaque to users on the Internet who processes their data (e.g., which service providers their data passes through and which jurisdictions apply), and that they have no control over how it is routed. This is a risk for people’s privacy (e.g., a malicious network compromising a user’s data) as well as for their safety (e.g., an untrusted network disrupting a remote surgery).

Motivating examples in which (sensitive) user data typically travels across the Internet without user awareness or control are:
- Internet of Things for consumers: sensors such as sleep trackers and light switches that collect information about a user’s physical environment and send it across the Internet to remote services for analysis.
- Medical records: health care providers requiring medical information (e.g., health records of patients or remote surgery telemetry) to travel between medical institutions according to specified agreements.
- Intelligent transport systems: communication plays a crucial role in future autonomous transportation systems, for instance to avoid freight drones colliding or to ensure smooth passing of trucks through busy urban areas.

The UPIN project is novel in three ways:
1. UPIN gives users the ability to control and verify the path that their data takes through the network all the way to the destination endpoint, both in terms of hops and in terms of attributes of the routers traversed. UPIN accomplishes this by adding and improving remote attestation techniques for on-path routers to existing path verification mechanisms, and by adopting and further developing in-packet path selection directives for control.
2. We develop and simulate data and control plane protocols and router extensions to include the UPIN system in inter-domain networking systems such as IP (e.g., using BGP and segment routing) and emerging systems such as SCION and RINA.
3. We evaluate the scalability and performance of the UPIN system using a multi-site testbed of open programmable P4 routers, which is necessary because UPIN requires novel packet processing functions in the data plane. We validate the system using the earlier motivating examples as use cases.

The impact we target is:
- Increased trust from users (individuals and organizations) in network services, because they are able to verify how their data travels through the network to the destination endpoint and because the UPIN APIs enable novel applications that use these network functions.
- More empowered users, because they are able to control how their data travels through inter-domain networks, which increases self-determination both at the level of individual users and at the societal level.