Equitable privacy

公平的隐私

• 批准号: EP/W025361/1
• 负责人: Awais Rashid
• 金额: $ 129.56万
• 依托单位: University of Bristol
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2022
• 资助国家: 英国
• 起止时间: 2022 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FW025361%2F1
• 关键词: Equitable; privacy

Digital technologies are becoming pervasive in society, from online shopping and social interactions through to finance, banking, transportation. With a future vision of smart cities, driven by a real-time, data-driven, digital economy, privacy is paramount. It is critical to engendering trust in the digital fabric on which society relies and is enshrined as a fundamental human right in the Universal Declation of Human Rights and regulations such as GDPR. Significant efforts have been made -- end-to-end encryption, anonymous communication, privacy nutrition labels in iOS and Android -- to provide users with more agency in understanding, controlling and assuring the way their data and information is processed and shared.However, this ability to control, understand and assure is not equitably experienced across society. Examples include individuals from lower-income groups who have to share devices to access services that may include sensitive information or victims of intimate partner violence whereby an innocuous app (such as find my phone) or digital device (such as a smart doorbell) may be used to monitor their activities and who cannot use online reporting tools for fear of traceability. Such vulnerable and marginalised populations have specific privacy and information control needs and threat models whereby different types of privacy controls may serve as both protection mechanisms and attack vectors. These needs and requirements are not typically foregrounded to software developers. The challenge is compounded by the fact developers are neither privacy experts nor typically have the training, tools, support and guidance to design for the diverse privacy needs of marginalised and vulnerable groups.We argue that, for privacy to be of meaningful and equitable value in our pervasive digital economy, everyone must be able to easily control how they share personal information, understand with whom they are sharing it, and ensure that sharing is limited to the intended purpose.The project will work hand-in-hand with third sector organisations supporting such communities to develop:New methods: a threat modelling approach, supported by a set of threat catalogues, that enables different "modalities" of protection logic whereby one can switch attackers, contextualise the vulnerabilities and acknowledge different types of controls as both protection mechanisms and attack vectors.New digital tools: a privacy-in-use nutrition framework that promotes privacy-literacy in vulnerable and marginalised populations, identifies privacy concerns in-use and facilitates developer responses built through new application programming interfaces and evaluated through novel metrics supporting equitable privacy.New processes: co-created, stakeholder-led revisions to the AREA framework for Responsible Innovation to lend structure to the way in which individuals, teams, and organisations approach deep thinking about equitable digital futures.Our research will make the privacy needs of marginalised and vulnerable populations first-class considerations in designing and developing software applications and services to enable equitable privacy experiences. This, in turn, will enable universal privacy responses to work together and support particular responses to privacy issues experienced by vulnerable users.

数字技术在社会中变得越来越普遍，从网上购物和社交互动到金融，银行，交通。随着智能城市的未来愿景，由实时，数据驱动的数字经济驱动，隐私至关重要。这对于在社会所依赖的数字结构中建立信任至关重要，并在《世界人权宣言》和GDPR等法规中被视为一项基本人权。我们已经做出了巨大的努力--端到端加密、匿名通信、iOS和Android中的隐私营养标签--为用户提供更多的代理权，以理解、控制和确保他们的数据和信息被处理和共享的方式。然而，这种控制、理解和确保的能力并没有在整个社会得到公平的体验。例子包括来自低收入群体的个人，他们不得不共享设备以访问可能包含敏感信息的服务，或亲密伴侣暴力的受害者，其中无害的应用程序（如查找我的手机）或数字设备（如智能门铃）可用于监视他们的活动，以及由于担心可追溯性而无法使用在线报告工具的人。这些脆弱和边缘化的人群有特定的隐私和信息控制需求和威胁模型，不同类型的隐私控制可以作为保护机制和攻击载体。这些需求和要求通常不会被软件开发人员所关注。开发人员既不是隐私专家，也没有专门的培训、工具、支持和指导来设计满足边缘化群体和弱势群体的各种隐私需求，这一事实加剧了挑战。我们认为，为了让隐私在我们无处不在的数字经济中具有有意义和公平的价值，每个人都必须能够轻松控制他们如何分享个人信息，了解他们与谁分享信息，并确保共享仅限于预期目的。该项目将与支持这些社区的第三部门组织携手合作，开发：一种威胁建模方法，由一组威胁目录支持，使不同的“模式”的保护逻辑，从而可以切换攻击者，分析漏洞的背景，并将不同类型的控制措施视为保护机制和攻击媒介。新的数字化工具：一个使用中的隐私营养框架，促进弱势和边缘化群体的隐私扫盲，识别隐私问题-使用并促进开发人员通过新的应用程序编程接口构建的响应，并通过支持公平的新指标进行评估隐私。新流程：共同创建，由企业主主导的对责任创新区域框架的修订，为个人，团队和组织深入思考公平的数字未来提供结构。我们的研究将使边缘化和弱势群体的隐私需求成为设计和开发软件应用程序和服务的首要考虑因素，以实现公平的隐私体验。反过来，这将使普遍的隐私响应能够协同工作，并支持对易受攻击的用户所遇到的隐私问题的特定响应。

项目成果

ExD: Explainable Deletion

• DOI: 10.1145/3633500.3633503
• 发表时间: 2023-08
• 期刊: Proceedings of the 2023 New Security Paradigms Workshop
• 作者: K. Ramokapane;A. Rashid