TPRC45

Much of the existing analysis of privacy has sought to clarify the difference between data protection and more fundamental privacy concepts, in particular by incorporating explicit ethical aspects such as: voluntary participation; clear and optimised value; meaningful and informed consent; respect for privacy, identity and confidentiality preferences; ‘ethics by design’ to maintain integrity, quality and transparency; and clarity regarding specific interests. These considerations are all relational in nature, so attention has naturally begun to shift from data protection to data governance and from individual privacy to relational privity. This approach is already bearing concrete fruit in contexts such as data science and the design and assessment of cyberphysical systems (including the IoT). But it is still relatively insensitive to the structure of these relationships; the objective of this research is to apply methods drawn from network game theory to the understanding of information access and utilisation structures, with an eye ultimately to replacing todays crude privacy, data protection and cybersecurity rules – which tend to pay attention only to the individual level (e.g. European concepts of data protection as a fundamental right of individuals), pairwise notions (confidentiality rules) and entire groups (security rules and ‘public information’ concepts) with something that more accurately reflects the importance and dynamics of structures as they have emerged in practice. The reason for using network game theory is that it replaces: i) the ‘big group’ of non-cooperative games (where all the players ‘play together’) with explicit structures that determine who plays with whom; and ii) the ‘coalitions’ of cooperative game theory (where membership in a coalition is reflexive, symmetric, and transitive) with a specific geometry of (binary or higher) interactions. To apply these tools to privacy and security, it is necessary to clarify the nodes and links that make up the network. It is already clear from the work on relational privacy that informational or data privacy can be straightforwardly represented; people are the nodes, and access to or flows of their personal information determine the links. One contribution of the proposed paper is that privacy in various senses is also given an explicit topological structure. Access and permitted actions define proximity and explicit contacts and contracts are supplemented by shared norms. Thus people may be ‘close’ either in the sense that they are less private or secure from each other than from others or by having similar views of privacy and security – and thus similar responses to unexpected developments, willingness to support changes in law and availability to enter new relationships. This allows: i) a characterisation of outcomes and the impact of rules and norms for different structures; ii) the analysis of models of the evolution of privacy, privity and security conventions along the lines of behavioural conventions (in particular that ‘slow-growth’ topologies favour rapid convergence to risk-dominant outcomes); and iii) modelling the evolution of networks along pairwise stability lines. The original wrinkle is that information shared (or withheld) changes the payoffs and alters higher-order beliefs embodying reputations or trust relations. While standard network game models have fixed strategies and payoffs (the evolution of conventions model) or fixed notions of what each player gets in each network structure (in the structural evolution model); the network privacy model allows these to change as information is shared and used.