以區塊鏈相互監督機制建立保護隱私的數位身分証發行、認証管理系統

Abstract

隱私權是基本人權的一部分。隨著資訊採集或監控技術的進步與普及，我們往往為了獲得「個人化」服務而將保護我們隱私權的工作交給這些資料採集的組織，期待他們會謹守分寸，進到保護我們的隱私之責。 當我們連接到網路時，我們隨時遺留數位痕跡，而這些數位痕跡在經過神秘的演算法處理之後將會決定我們在數位及現實生活的命運。然而對於這些能夠左右我們生活的演算法我們卻無從得知任何細節，因為他們往往被隱藏在國家安全或商業機密之後。在這些演算法所提供的個人化價值服務的背後，他們對個人所造成的衝擊及潛在傷害卻是真實而有持續性的。此乃文獻中所謂的「隱私與個人化的悖論」。 本研究試著去回答從使用者角度如何去平衡隱私與個人化的需求進而防止陷入引起負價值創造循環。雖然這是一個廣泛的題目，從文獻的學習中觀察到這個主題具有四個主要的面向: 身分代表的所有權、資料擁有權、資料安全、法規的遵循。我們從分析「資料生命周期」進而闡述這四個面向可以簡潔地用四個基本因子: 讓使用者擁有控制權、清楚告知程序、贏得信任、擔負法規責任。我們進一步以此發展一個對系統檢視保護隱私權措施的框架，我們稱之為CAT-on-A-stool. 如同我們之前所言，大部分組織的系統運作是不透明的。在這樣的限制之下，為了推進我們的研究，我們籍由從軟體測試領域的「黑盒測試理論」論述只要我們確保在這個系統的輸入端子系統符合CAT-on-A-stool框架，整個系統應該能平衡隱私權與個人化的需求。而這個輸入端子系統即所謂的Identity Access Management (IAM)系統。 在審視完目前的現有的IAM系統及其缺失後，我們提出一個新的基於分散式自主執行單位(decentralized autonomous organization, DAO)的IAM系統，我們稱之為DAO-IAM。此系統賦與使用者擁有數位身分(ID)控制權，並藉由數位身分的控制進而掌控隱私權與個人化的需求的平衡。在DAO-IAM裡，我們並設置一個由不同單位代表人所組成的管理委員會及結合在DAO-IAM裡的智能合約( smart contracts )進行事項表決以確保決策中立性，並藉由DAO的「執行不可改變性」付諸實現。 我們論述DAO-IAM系統符合CAT-on-A-stool。但是，正如所有新的系統所面臨的問題: 被採納性、被接受速度。為此我們亦闡述如何與現有常見服務提供商，如Google，Facebook，Yahoo!等，IAM機制藉由oAuth協議共存。

Privacy is a basic human right. With the advancement and prevailing of data collecting and processing, a.k.a. surveilling, technologies in the data economy era, we often put our privacy at the mercy of the collecting agents, e.g., governments, and big corporations, in exchange for their personalized services. Whenever on the grid, we leave trails of digital breadcrumbs to these agents, whose mystical algorithms further decide our fates in both digital AND physical worlds. It's almost impossible to examine, correct, or even regulate these algorithms since most of them are hidden under the name of national security or trade secrets. And yet, the impact and potential damage behind the perceived values are real to individuals and they could be so profound and long-lasting. In a way, we are trapped in the so-called personalization-privacy paradox [5]. We set out to answer the question: from a user’s perspective, how to re/balance privacy-personalization to avoid the paradox as a mean to prevent the forming of negativity creation cycles (NCC’s) [2]. Although this is a very broad challenge, we have categorized related issues into four aspects: ID ownership, data ownership, data security, and regulation compliance. We further elaborated and concluded, by analyzing a typical data life-cycle, that these four aspects can be succinctly addressed by the four essential factors: control, awareness, trust, and accountability. We, then, used these four factors to develop a privacy-preserving system evaluation framework named CAT-on-A-stool to help us evaluate if a system preserves privacy while allowing users to enjoy personalized services. As we pointed out that most operations of these organizations are not transparent. To further our analysis, we borrowed a common practice in the software testing field, black box testing. That is, from user’s perspective, the overall system dynamic can be probe through the control of input side without the insights of the black box. We believe if the input of the system, i.e., identity and access management (IAM) system, complied with the CAT-on-A-stool framework, the overall system should balance the privacy protection and the personalization needs. We examine two common IAM and a newly proposed blockchain based systems with the CAT-on-A-stool framework and found each has their shortcomings. From these study, we propose a novel Decentralized Autonomous Organization (DAO) based IAM solution. The proposed DAO-IAM system is a user-centric global ID system that users have more control over. It consists of a human governance committee to judge and manage policies and audit-related issues, and a DAO to autonomously carry out policies without bias. The DAO-IAM system meets the CAT-on-A-stool evaluation but, like all the new systems, its adoption rate and speed will decide its success. To facilitate the adoption, we have addressed the backward compatibility issue by showing how it works with oAuth systems like Google, Facebook, Yahoo, etc.