- From: <Ian.Oliver@nokia.com>
- Date: Wed, 18 Apr 2012 17:38:30 +0000
- To: <mark.lizar@gmail.com>, <Kasey.Chappelle@vodafone.com>
- CC: <karld@opera.com>, <marcosscaceres@gmail.com>, <danbri@danbri.org>, <peter.kraker@tugraz.at>, <public-privacy@w3.org>
This is turning into a Nissenbaum fan club :-) but seriously, the whole notion of context as Nissenbaum puts it is the really critical issue. I've seen many attempts to define (and implement) privacy in terms of protecting the consumer by either blocking any data collection about that consumer or by anonymising (semantically) any collected data to the extent that it is rendered worthless (and useless). Work I've been making recently has been on classification of data in terms of security, privacy, usage/purpose, provenance, identity etc and discovering that we really miss a good "underlying theory" of privacy. I have a formal methods background and will be the first to admit that I get a little nervous when terms can not be precisely defined, so having this chance to ask questions about how a given data-set is seen (in terms of the above aspects) and how consents and notices are defined in those terms too has been very enlightening - even if most of the time it is very much "we all know what *it* is" but have no idea on how to formalise it. A second area of my work has been trying to apply these ideas in our architectures and designs - actually implementing privacy as a platform of sorts. Binding the above data classifications with architectures and specifically data-flow models leads to some similarly interesting discoveries about where consents are actually applied (or not), to where data is really flowing and what data is flowing. This all put together to me is a formalisation of the context of which Nissenbaum talks. I think that the idea that Karl put forward of the 'fog' or opacity is a great way to think about this. Now, how we measure the density of that fog is going to be a very interesting approach - personally I've been looking at "distance" in the data-flows weighted by the kinds of data and aspects as described above, though I'm a long way from being able to write down an equation. I also think that this would nicely support the idea of surveillance and a measure of this as in Mark's email below. best regards, Ian ________________________________________ From: ext Mark Lizar [mark.lizar@gmail.com] Sent: 18 April 2012 19:10 To: Chappelle, Kasey, Vodafone Group Cc: Karl Dubost; Marcos Caceres; Dan Brickley; Peter Kraker; public-privacy@w3.org Subject: Re: Lightning talk at W3C camp I am a big fan of Nissenbaum and have been thinking about a framework along these lines. I am currently playing with the idea of a standard protocol of explicitly listing the surveillance aspects (perhaps like a privacy policy but a surveillance policy) along with a log of the specific context of surveillance. Creating a socio-technical-legal protocol around surveillance explicitly. This way a standard notice protocol could be used to retrieve a surveillance listing in the context of surveillance and provide usable notice independently of the technology in use. In this way an individual could independently look at the context of surveillance and understand what privacy is available in this particular context and therefore be able to make informed choices. Thus creating a surveillance trust framework. Maybe something along the lines of a W3C protocol surveillance registry as a method to innovate privacy and trust with the use of the Internet. Mark On 18 Apr 2012, at 16:34, Chappelle, Kasey, Vodafone Group wrote: > What an interesting way to think about it! But then, I always enjoy > your contributions here. > > Helen Nissenbaum gets a little bit at this when she writes about > privacy in context. She says privacy controversies arise when online > information collection and use diverges from the social norms of > that interaction's most obvious IRL analogue. Any ideas as to > whether that's translatable to an internet standards context? > > -----Original Message----- > From: Karl Dubost [mailto:karld@opera.com] > Sent: 18 April 2012 16:25 > To: Chappelle, Kasey, Vodafone Group > Cc: Mark Lizar; Marcos Caceres; Dan Brickley; Peter Kraker; public-privacy@w3.org > Subject: Re: Lightning talk at W3C camp > > Agreed with Chappelle on > > Le 18 avr. 2012 à 10:51, Chappelle, Kasey, Vodafone Group a écrit : >> frameworks for information accountability are exactly what we're >> supposed to be doing here! I just don't know that we get any closer >> to that by starting from the idea that privacy is dead. > > Though I would widen it a bit. Privacy in most people's minds is > something poorly understood (myself included) and often very binary. > I do not buy Dan's first statement: > > "unexpected others aren't monitoring and > logging one's activities, e.g. to allow > anonymous or pseudonymous activities." > > because we *all* do that all the time with our neighbors in the > physical life. It is also basically part of the social contract. > > So it is not exactly the act of recording which matters, but more > something along the lines of: > > * how much do we record? > (geographical space, time, . ) > * with which details? > (granularity) > * how long do we keep? > (memory, archives, ) > * the scale of replications > (duplication of copies of these data to others places) > * the quality of replications > (duplication with missing or not informations) > * the speed of replications > (how fast does it take to transmit this information) > * the ability to break the logic > (lies, hiding, cheating) > * the reciprocity > (what you know about me, what I know about you with the same effects) > > In the context of the network: Speeds, Scales, Identical > replications, etc. have become very dense concepts. It's why I use > Opacity as in a fog in the forest. Depending on the fog context, you > see more or less trees around you. Or if you reverse the observer > position, different trees have a different image of you. > > Another important thing is the reciprocity. In a system where > parties have a much larger power, possibility to act upon these data > that you have on these parties (knowing little about them), the > trouble starts. > > There is also something we tend to forget which is amazingly useful > in our social relationship: lies and forgetting. The messages are > forgotten and repeated with wrong information. This is a feature, > not a bug. It allows a lot of flexibility for individuals and social > relationships. > > [1]: http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-3.html > > > > > > > -- > Karl Dubost - http://dev.opera.com/ > Developer Relations, Opera Software >
Received on Wednesday, 18 April 2012 17:42:42 UTC