Houjun Liu

privacy

“privacy as an individual right”

  • privacy is a control of information: controlling our private information shared with others
    • free choice with alternatives and informed understanding of what’s offered
    • control over personal data collection and aggregation
  • privacy as autonomy: your agency to decide for what’s valuable
    • autonomy over our own lives, and our ability to lead them
    • do you have agency?

“privacy as a social group”

  • privacy as social good: social life would be severely compromised without privacy
    • privacy allows social
  • privacy as a display of trust: privacy enables trusting relationships
    • “fiduciary”: proxy between you and a company
    • “should anyone who has access to personal info have a fiduciary responsibility?”

loss of privacy

aggregation

Through the loss of privacy, information can be piecemeal built up to understand somebody’s profile.

exclusion

Not knowing or understanding or control how our information being used.

secondary use

Using information for purposes not intended without permission.

trust

trust exposes people to the risk of being betrayed/let down. Differential privacy is used to anonomyze information. especially, for operation systems, each bug can have a massive impact because it impacts billions of users.

trust means to stop questioning the dependability of something; you become vulnerable to it”

trusting software is the task of extending your own AGENCY to a piece of software: “agential gullibility”.

examples:

  1. ios bug: alams didn’t go off
  2. printnightmare: printing caused remote code execution
  3. 2017 admin access without password
  4. eternalblue (caused wannacry)

key points

  • trust between different stakeholders are intertwined
  • trust is about extending agency
  • trust emerges through various pathways
  • we can design ways to partially substitute the need for trust

pathways to trust

trust by assumption

  1. trust absent any clues to warrent it due to timing
  2. trust because there is imminent danger

trust by inference

  1. trust based on information you had before
    • brands
    • affiliation
    • past performance
  2. trust in prior version of software

trust by substitution

  1. trust something, but having a fallback plan
  2. trust a system because there would be a backup system protecting you

scales of trust

scale of impact

  • a bug in an OS can be tremendously bad
  • “root access” — privileged aces

scale of longevity

  • people maybe on very very old OS
  • it requires keeping older OSes secure against modern technologies