This wiki service has now been shut down and archived

From ESIWiki

Trust and Security in Virtual Communities

Fourth Workshop: Rights Management for eScience Data

Oxford, 28th October

Location: Oxford e-Research Centre

"Digital Rights Management" has had a very poor press. Of course, it generally refers to techniques used by media companies - creators of digital music or movie files - to prevent unfettered copying of their content. DRM's bad press deserves taking seriously, and perhaps my topic here needs an entirely new name, as a result!

However, the same kind of ideas have much broader potential, with goals that many would judge much more socially-relevant:

• Various software vendors have toyed with "self-destructing email" which cannot be forwarded to third parties, and documents which cannot be opened outside a certain company's intranet. These are typically very weak protections right now, but they point to real needs that many people have.

• There are many scenarios in which self-destructing data is quite desirable: whether to avoid forensic analysis by attackers (erase your hard disc before disposal), or to avoid violation of privacy (by employing the digital equivalent of a shredder, as soon as data has been put to the use it was intended for), or, indeed, to simplify regulatory compliance (though regulators are increasingly requiring long-term retention of logs).

• When I upload a photograph to Picassa, or Flickr, or Facebook, I immediately loose control over it: anyone (typically either "friends" or "world") may take a copy, and re-export the photo to another photo sharing site -- now accessible to their "friends" rather than merely mine. I might not wish this to happen -- perhaps because it violates my copyright; perhaps because it leads to potentially sinister uses for family photos; perhaps just because it is another invasion of my privacy.

• Concerns about, say, experimental data, or software, are quite similar to those described above for personal photographs. In some kind of collaborative project context, I may wish to share movable resources, but retain control over their use: whether simple copy protection, or more elaborately, that they might be used with some software and not with other software; that those permissions might expire in time, or when the collaboration ends.

• A particular case of the above arises in short-term medical collaborations: many parties may have short-term access to patient notes; we would wish to ensure that such access is limited to the proximate purpose of the case conference.

• Certain such applications have added complexities of regulatory compliance - which may require strong logging and audit capabilities - or the data itself might need to be held in long-term archival storage, with the expectation that an authorized party extracting data from the archive should be able to access the protected data (so, for example, an ephemeral encryption used for my holiday photos might not be suitable for attaching controls to clinical trials data - but some control is likely to be necessary!).

The objective of this workshop was to explore eScience applications which may benefit from rights management solutions, software and systems which are working towards delivering this, and to evaluate the successes and failures of those who have already attempted such applications. To be workable, such solutions probably need to inter-work with existing authorization regimes.

Speakers (with presentations and summaries)

David Chadwick, University of Kent Media:OxfordTrustWshop-Chadwick.pdf

The EC TAS3 project is researching the use and deployment of sticky policies. These are security policies that "stick" to the data they control, whether by cryptographic or other means. TAS3 is concerned primarily with sticky policies for Personal Identifying Information (PII), that will stick with the PII whilst it is transferred throughout cyberspace. But the concepts and mechanisms will apply to any data, not just PII. In many ways sticky policies are related to DRM, but with one difference. In DRM the data supplier assumes the customer is the bad guy who wants to rip it off. In privacy protection we assume that the PII recipient is a good guy that wants to enforce data protection laws, but who currently finds it an onerous thing to do. We assume that organisations will readily accept sticky policies if they give them the chance to automatically enforce both data protection legislation and customers' privacy policies. This will reduce an organisation's costs of legal compliance and also offer them a low cost way of providing user-centricity and choice.

Pete Burnap Cardiff University

SPIDER project.

John Ainsworth Manchester University

E-Health projects; requirements Media:JA-DRM-ox-esi.ppt

Graham Vowles Ordnance Survey

Geo Rights Management (GeoRM)media:EScience-RightsManagement-GrahamVowles.ppt

In this presentation we discuss some of the work done by the Geo Rights Management Working Group which is part of the Open Geospatial Consortium.

Adrian Pickering Southampton University media:Pickering-integrity.pdf

Society has widely adopted use of electronic data without sufficient attention to the problems of non-repudiation (NR). A universal, transparent scheme is needed to replace the traditional paper-based model that people are familiar with. A registration scheme is proposed that uses a network of registration servers run in a way that is robust to legal and technical challenge. Any user can register potential electronic evidence with one or more of these servers. This enables a user to later assert that they had the data at the time. Wide availability should induce proper behaviour between parties whether they use the scheme or not.

Timetable