|
The
NSF-NWO 2015 Privacy Workshop was organized on behalf of the National Science
Foundation (NSF) and the Netherlands Organisation for Scientific Research
(NWO) on October 2 and 3 2015. It was hosted in Washington DC by Carnegie
Mellon University’s Heinz College and focused on privacy research in the
cyber domain. Synopsis and Objectives
For
this workshop, jointly funded and organised by the US National Science
Foundation (NSF) and the Netherlands Organisation for Scientific Research
(NWO), about one dozen scientists per country were invited both from the
United States and from the Netherlands. Supported by NSF and NWO, Alessandro
Acquisti from Carnegie Mellon University and Jaap-Henk Hoepman from Radboud
University and Privacy & Identity Lab drew the outlines of the workshop
program. Given the interdisciplinary nature of this type of research,
scientists skilled in areas like computer science, legal, ethical, social,
and economic aspects of privacy were invited to participate. The
objective of the workshop was to help build long-term research collaboration
among scientists from the two countries, who are studying technical and
social aspects of privacy in relation to cyberspace. The ultimate goal was to
form mixed groups of United States and Dutch scholars who by the end of the
workshop produced joint research outlines, with the potential to grow into
full proposals to be submitted to a NSF-NWO Call for Proposals. Formal
basis for this joint Call for Proposal is a Memorandum of Understanding (MoU)
signed by the NSF and the NWO. From a thematic point of view this call is
associated with themes 1 and 5 of the Dutch National Cyber Security Research
Agenda (NCSRA II), basis for NWO’s cybersecurity program, and the Secure and
Trustworthy Cyberspace (SaTC) program of the NSF. Themes
On
the first day of the workshop, participants first presented their own ongoing research. After the introduction
participants were engaged in tasks designed to stimulate the formation of
teams of United States - Netherlands researchers. Several rounds of “speed
dating” were held, including a brainstorm on novel research ideas. The second day of the workshop included discussions in four
break‐out groups generating ideas for research proposals around four major themes as well as determining whether topics are
missing. These themes, combined
with topics formulated during the workshop could be a starting point for
collaborative research: 1. Identity on the digital stage This
theme included various research topics: -
The normative notions of identity, particularly from
the perspective of – but not restricted to – the rise of digital persons,
i.e., the ‘data shadows’ of real-life persons in digital sets of data. -
Technical approaches towards identity and
identity-management, and how data protection rights and Privacy Enhancing
Technologies can help and support individuals to manage their online
identities throughout life -
Map ‘privacy disasters’: in what ways, and to what
extent, do individuals and society suffer from technical, organisational, or
legal errors that hamper their right to privacy? -
Mobile devices such as GSM phones, PDA’s, RFID,
offer a technological platform which can help solving the problems of ID
management for the roaming user. They can be employed as trusted control
interface for applications using personal and privacy sensitive information,
and can help support the user to manage their online identities. The concrete
objective is the development of the essential elements of an architecture
(trust framework) for secure and realistic identity management solutions for
mobile devices. 2. Beyond data minimisation Current
approaches to privacy protection (both technical and legal) have largely
focused on minimising the amount of personal data being collected. This is
problematic for platforms that are actually deployed to promote the sharing
of personal data (like social networks), and equally problematic for the use
of behavioural data to personalize services or improve their performance.
Similarly there are so-called Big Data applications where allowing the use of
personal data may benefit society as a whole (like for example medical
research). But clearly any risk in the use of personal data in these
applications need to be controlled. Research in this domain aims to develop a
better understanding of the issues involved and to propose solutions to
mitigate risks. 3. The confluence of the real and the virtual The
Internet of Things is nothing new. Yet the imminent confluence of cyberspace
and physical space into one ambient intelligent system still poses fundamental
research challenges in the area of security, privacy and trustability. In
particular the conceptualisation of identity in such an ‘ambient intelligent’
world deserves further study. How much of my identity is constructed
consciously, and how much of it is constructed autonomously? Privacy
protection in the Internet of Things involves much more than dataminimisation
techniques like using pseudonyms and the like. In fact, the vision of an
Internet of Things that intelligently supports us in our day to day
activities needs to collect large amounts of personal information. The
challenge is to accommodate this need for personal data, while maintaining
privacy guarantees. Legal protection of individuals against (state)
intervention is partly based on space (e.g. inviolability of the home).
Technology increasingly obliterates the distinction between private and
public space and thus poses challenges to the privacy of individuals. 4. Understanding and constructing privacy How
to construct privacy, both from a technical and a non-technical perspective,
especially taking differences in legal regimes and ethical norms across the
world into account. Improve the understanding of the meaning of privacy given
the current changes in society. Study methods to build more privacy friendly
systems, based on privacy by design, and regulation by technology. Also study
the organizational dimensions of privacy (such as organisational embeddedness
of privacy impact assessments and determination of risk associated with
privacy within organisational contexts) and participatory design methods
including a multitude of stakeholders. Study how the balance between security
and privacy can be regulated by technology alone through, for example, the
concept of “revocable privacy”. Agenda
October 2 Friday 12:00 Lunch 13:30
Welcome + Agenda + Organisational remarks 13:40
Introductory presentations by NSF and NWO: roles, background and objectives 14:00 Introductory
presentations by all participants (6 min each) 16:00 Coffee break 16:30
Introductory presentations by all participants (continued) 17:20
Speed dating Part 1 18:20
Round up - assigning groups for parallel sessions on Saturday 18:30 Adjourn 19:00 Dinner at
the Hotel George (15 E St NW, Washington, DC 20001) October 3 Saturday 8:00 Breakfast 9:00
Speed dating Part 2 9:45
Breakout into 4 parallel discussion groups - Identity on the digital stage - Beyond data minimisation - The confluence of the real and the virtual - Understanding and constructing privacy 11:00 Coffee break 11:30
Plenary presentation of results breakout discussion groups 12:00
Identification and brief description of missing themes 12:30
Round up, summary and consolidation of themes 12:40 Further
steps 13:00 Lunch Materials
1. Presentation slides (zip file) 2. Draft notes from the workshop and short
reports from the break-out sessions (doc file) 3. Breakout discussion photos (pdf file) 4. Speed dating photos (pdf file) Participants
|
Organizers Jeremy Epstein, NSF Jan Piet Barthel, NWO Alessandro Acquisti, CMU Jaap-Henk Hoepman, RUN |