Problem title: Cost of Privacy
Year: 2018
Student level: Undergraduate
Source: ICM
Problem
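The pervasiveness of, and reliance on, electronic communication and social media have become widespread. One result is that some people seem willing to share private information (PI) about their personal interactions, relationships, purchases, beliefs, health, and movements, while others regard privacy in these areas as very important and valuable. There are also significant differences in privacy choices across domains. For example, some people quickly give up the protection of their purchasing information for a quick price reduction, yet are unlikely to share information about their disease conditions or health risks. Similarly, some populations or subgroups may be less willing to give up particular types of personal information if they perceive it as posing a risk to the individual or the community. Such risk may involve loss of safety, money, valuable items, intellectual property (IP), or the person's electronic identity. Other risks include professional embarrassment, loss of a position or job, social loss (friendships), social stigmatization, or marginalization. While a government employee who has voiced political dissent against the government might be willing to pay to protect their social media data, a young college student may feel no pressure to restrict their posting of political opinions or social information. It seems that individual choices about PI protection and about internet and system security in cyberspace can create risks and rewards in terms of freedom, privacy, convenience, social standing, financial benefits, and medical treatment.
Is private information (PI) similar to private property (PP) and intellectual property (IP)? Once lawfully obtained, can PI be sold or given to others who then hold the right to, or ownership of, that information? As detailed information and metadata about human activity become more and more valuable to society, particularly in the areas of medical research, disease spread, disaster relief, business (e.g. marketing, insurance, and income), records of personal behavior, statements of belief, and physical movement, these data and detailed information may become a valuable and quantifiable commodity. Trading in one's own private data comes with a set of risks and benefits that may differ by domain of information (e.g. purchasing, social media, medical) and by subgroup (e.g. citizenship, professional profile, age).
Can we quantify the cost of privacy of electronic communications and transactions across society? That is, what is the monetary value of keeping PI protected, or how much would it cost for others to have or use PI? Should the government regulate this information, or is it better left to the privacy industry or to the individual? Are these information and privacy issues merely personal decisions that individuals must evaluate in order to make their own choices and provide their own protection?
There are several questions to consider when evaluating the cost of privacy. First, is data sharing in the public interest? For example, the Center for Disease Control may use data to trace the spread of disease in order to prevent further outbreaks. Other examples include managing at-risk populations, such as children under 16, people at risk of suicide, and the elderly. Moreover, consider groups of extremists who seek to hide their activities. Should the government track their data for reasons of national security? Consider a person's browser, phone system, and internet feed with their personalized advertisements; how much is this customization worth?
Overall, when evaluating the cost of privacy we need to consider all of these tradeoffs. What is the potential gain from keeping data private, and what is lost by doing so?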
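As a policy analysis team for a national decision maker, your team's tasks are:
Task 1: Develop a price point for protecting one's privacy and PI in various applications. To evaluate this, you may want to categorize individuals into subgroups with reasonably similar levels of risk, or into related domains of the data. What set of parameters and measures would need to be considered to model risk accurately, accounting for both 1) characteristics of the individuals and 2) characteristics of the specific domain of information?
Task 2: Given the set of parameters and measures from Task 1, model the cost of privacy across at least three domains (social media, financial transactions, and health/medical records). In your base model, consider how the tradeoffs and risks of keeping data protected affect your model. You may consider giving some tradeoffs and risks more weight than others, as well as stratifying weights by subgroup or category. Consider how different basic elements of the data (e.g. name, date of birth, gender, social security or citizenship number) contribute to your model. Are some of these elements worth more than others? For example, what is the value of a name alone compared with the value of a name with the person's picture attached? Your model should design a pricing structure for PI.
Task 3: Not long ago, people had no knowledge of which agencies had purchased their PI, how much their PI was worth, or how their PI was being used. New proposals are being put forward that would turn PI into a commodity. With the pricing structure you generated in Task 2, establish a pricing system for individuals, groups, and entire nations. With data becoming a commodity subject to market fluctuations, is it appropriate to consider the forces of supply and demand for PI? Assuming people have the right to sell their own data, how does this change the model?
Task 4: What are the assumptions and constraints of your model? Assumptions and constraints should address issues such as government regulations (e.g. price regulations, specific data protections such as certain records that may not be subject to the economic system) and cultural and political issues. Based on your model and the political and cultural issues, consider whether information privacy should be made a basic human right when thinking about policy recommendations. Consider introducing a dynamic element into your model by introducing variations over time in human decision-making, given people's changing beliefs about the worth of their own data (e.g. personal data such as name, address, picture), transaction data (e.g. online purchases, search history), and social media data (e.g. posts, pictures).
Task 5: Are there generational differences in perceptions of the risk-to-benefit ratio of PI and data privacy? As generations age, how does this change the model? How is PI different from or similar to PP and IP?
Task 6: How can you account for the fact that human data is highly linked and that each individual's behavior is often highly correlated with that of others? Data on one person can provide information about others to whom they are socially, professionally, economically, or demographically connected. Therefore, an individual's decision to share their own data can affect countless others. Are there good ways to capture the network effects of data sharing? Does that affect the price system for individuals, subgroups, and entire communities and nations? If communities have shared privacy risks, is it the responsibility of the communities to protect citizens' PI?
Task 7: Consider the effects of a massive data breach in which millions of people's PI is stolen and sold on the dark web, sold as part of an identity theft ring, or used as ransom. How does such a PI loss or cascade event impact your model? Now that you have a pricing system that quantifies the value of data per individual or per loss type, are the agencies to blame for the data breach responsible for paying individuals directly for the misuse or loss of PI?
Task 8: Write a two-page policy memo to the decision maker on the utility, results, and recommendations based on your policy modeling of this issue. Be sure to specify what types of PI are included in your recommendations.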
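Your submission should consist of:
● a one-page summary sheet,
● a two-page memo,
● your solution of no more than 20 pages, for a maximum of 23 pages including your summary and memo.
● Note: The reference list and any appendices do not count toward the 23-page limit and should appear after your completed solution.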
The original English version of the problem follows.
Problem
Pervasiveness of, and reliance on, electronic communication and social media have become widespread. One result is that some people seem willing to share private information (PI) about their personal interactions, relationships, purchases, beliefs, health, and movements, while others hold their privacy in these areas as very important and valuable. There are also significant differences in privacy choices across various domains. For example, some people are quick to give away the protection of their purchasing information for a quick price reduction, but at the same time are unlikely to share information about their disease conditions or health risks. Similarly, some populations or subgroups may be less willing to give up particular types of personal information if they perceive it posing a personal or community risk. The risk may involve loss of safety, money, valuable items, intellectual property (IP), or the person's electronic identity. Other risks include professional embarrassment, loss of a position or job, social loss (friendships), social stigmatization, or marginalization. While a government employee who has voiced political dissent against the government might be willing to pay to keep their social media data private, a young college student may feel no pressure to restrict their posting of political opinion or social information. It seems that individual choices on PI protection and internet and system security in cyber space can create risks and rewards in elements of freedom, privacy, convenience, social standing, financial benefits, and medical treatment.
Is private information (PI) similar to private personal property (PP) and intellectual property (IP)? Once lawfully obtained, can PI be sold or given to others who then have the right or ownership of the information? As detailed information and meta-data of human activity becomes more and more valuable to society, specifically in the areas of medical research, disease spread, disaster relief, businesses (e.g. marketing, insurance, and income), records of personal behaviors, statements of beliefs, and physical movement, these data and detailed information may become a valuable and quantifiable commodity. Trading in one's own private data comes with a set of risks and benefits that may differ by the domain of information (e.g. purchasing, social media, medical) and by subgroup (e.g. citizenship, professional profile, age).
Can we quantify the cost of privacy of electronic communications and transactions across society? That is, what is the monetary value of keeping PI protected, or how much would it cost for others to have or use PI? Should the government regulate this information or is it better left to privacy industry or the individual? Are these information and privacy issues merely personal decisions that individuals must evaluate to make their own choices and provide their own protection?
There are several things to consider when evaluating the cost of privacy. First, is data sharing a public good? For example, Center for Disease Control may use the data to trace the spread of disease in order to prevent further outbreak. Other examples include managing at risk populations, such as children under 16, people at risk of suicide, and the elderly. Moreover, consider groups of extremists who seek to hide their activities. Should their data be trackable by the government for national security concerns? Consider a person's browser, phone system, and internet feed with their personalized advertisements; how much is this customization worth?
Overall, when evaluating cost of privacy we need to consider all of these tradeoffs. What is the potential gain from keeping data private and what is lost by doing so?
As a policy analysis team for a national decision maker, your team's tasks are:
Task 1: Develop a price point for protecting one's privacy and PI in various applications. To evaluate this, you may want to categorize individuals into subgroups with reasonably similar levels of risk or into related domains of the data. What is the set of parameters and measures that would need to be considered to accurately model risk to account for both 1) characteristics of the individuals, and 2) characteristics of the specific domain of information?
Task 2: Given the set of parameters and measures from Task 1, model for cost of privacy across at least three domains (social media, financial transactions, and health/medical records). In your base model consider how the tradeoffs and risks of keeping data protected affect your model. You may consider giving some of the tradeoffs and risks more weight than others as well as stratifying weights by subgroup or category. Consider how different basic elements of the data (e.g. name, date of birth, gender, social security or citizenship number) contribute to your model. Are some of these elements worth more than others? For example, what is the value of a name alone compared with the value of a name with the person's picture attached? Your model should design a pricing structure for PI.
Task 3: Not long ago, people had no knowledge about which agencies had purchased their PI, how much their PI was worth, or how PI was being used. New proposals are being put forth which would turn PI into a commodity. With the pricing structure you generated in Task 2, establish a pricing system for individuals, groups, and entire nations. With data becoming a commodity subject to market fluctuations, is it appropriate to consider forces of supply and demand for PI? Assuming people have control to sell their own data, how does this change the model?
Task 4: What are the assumptions and constraints of your model? Assumptions and constraints should address issues such as government regulations (e.g. price regulations, specific data protections such as certain records that may not be subject to the economic system) and cultural and political issues. Based on your model and the political and cultural issues, consider if information privacy should be made a basic human right when thinking about policy recommendations. Consider introducing a dynamic element to your model by introducing the variations over time in human decision-making given changing personal beliefs about the worth of their own data (e.g. personal data such as name, address, picture), transaction data (e.g. on-line purchases, search history), and social media data (e.g. posts, pictures).
Task 5: Are there generational differences in perceptions of the risk-to-benefit ratio of PI and data privacy? As generations age, how does this change the model? How is PI different or similar to PP and IP?
Task 6: What are the ways to account for the fact that human data is highly linked and often each individual's behaviors are highly correlated with others? Data on one person can provide information about others to whom they are socially, professionally, economically, or demographically connected. Therefore, personal decisions to share one's own data can affect countless others. Are there good ways to capture the network effects of data sharing? Does that affect the price system for individuals, subgroups, and entire communities and nations? If communities have shared privacy risks, is it the responsibility of the communities to protect citizens' PI?
Task 7: Consider the effects of a massive data breach where millions of people's PI are stolen and sold on the dark web, sold as part of an identity theft ring, or used as ransom. How does such a PI loss or cascade event impact your model? Now that you have a pricing system that quantifies the value of data per individual or loss type, are agencies that are to blame for the data breach responsible to pay individuals directly for misuse or loss of PI?
Task 8: Write a two-page policy memo to the decision maker on the utility, results, and recommendations based on your policy modeling on this issue. Be sure to specify what types of PI are included in your recommendations.
Your submission should consist of: