Why privacy can't be left to chance (a response to RE: wording for the privacy section) from Phil Archer on 2008-10-31 (public-geolocation@w3.org from October 2008)

From: Phil Archer <phil@philarcher.org>
Date: Fri, 31 Oct 2008 16:48:23 +0000
To: public-geolocation@w3.org
Message-ID: <490B36D7.4010503@philarcher.org>

Hi,

Much as I would like to be, I am sorry that I can't actively participate 
in this group. But I have been alerted to the discussion on privacy and 
its place in the group's thinking. Let me try this approach:

Many companies spend a lot of money on protecting their users. Google 
offers safe search, for example, which works extremely well. Vodafone is 
a world leader in online safety work (mainly through the excellent Annie 
Mullins, head of Content Standards for Vodafone Group).

Why? Because it hurts their business if end users suffer abuse in any 
way. Issues like cyber bullying, inappropriate content, illegal content, 
viruses and so on all come down to one issue - brand protection. So you 
can bet that any implementation of the GeoLoc WG by Vodafone, or Google, 
or anyone else you've heard of, will be sensitive to privacy. But, 
though it hurts them to hear it, Google isn't the Internet, and Vodafone 
isn't the mobile space. There are services that make a feature of their 
lack of safety.

The world is full of vulnerable people. And vulnerable teenagers are 
especially vulnerable. They may have had a poor education (so forget 
safety messages like "don't give out your location to just anyone"). 
They may be suffering real physical abuse (typically from a step-father) 
so forget "parents should always be able to know where I am" for all 
cases. And even where they are not particularly vulnerable, teenagers, 
of course, take risks (the world stops progressing the day that isn't true!)

Of course the API must force consideration of privacy. If developers 
don't care about it - and Hixie is, of course, right that many won't - 
well, they jolly well should. This is real people we're talking about. 
Making it easy for an end user to advertise their location in a way that 
can lead to a malicious person finding out where they are is 
irresponsible and could seriously hurt the bottom line of businesses 
that implement any such system.

Please listen to John Morris. He's right to be very concerned.

Phil Archer
Latterly with the Family Online Safety Institute.
Chair W3C POWDER WG.

-- 

Please note my new e-mail address. My ICRA/FOSI e-mail addresses will 
not function after the end of November.

Phil Archer
e. phil@philarcher.org
w. http://philarcher.org/

Received on Friday, 31 October 2008 16:52:44 UTC