Re: Third-Party Web Tracking: Policy and Technology Paper outlining harms of tracking from Rigo Wenning on 2012-10-16 (public-tracking@w3.org from October 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 16 Oct 2012 20:46:59 +0200
To: public-tracking@w3.org
Cc: David Wainberg <david@networkadvertising.org>, Alan Chapell <achapell@chapellassociates.com>, Shane Wiley <wileys@yahoo-inc.com>, Vincent Toubiana <v.toubiana@free.fr>, Jeffrey Chester <jeff@democraticmedia.org>, Jonathan Mayer <jmayer@stanford.edu>
Message-ID: <1725189.MOXxq1cUK7@hegel.sophia.w3.org>

David, 

On Tuesday 16 October 2012 12:46:26 David Wainberg wrote:
> So, this is getting more specific: "a dossier of more than one
> data item." Can you elaborate? Why is it only more than one item?
> Is there a small number that is also acceptable, such as 3 or 5?
> Is there a time element? This sounds like the type of specific
> problem for which we might be able to tailor a solution.

We either have a few items of very high entropy or large amounts of 
data that create privacy risks (Westin's dossiers, reduced autonomy, 
loss of control of one's image/only for stars in US). In security, 
the breach of only one item may be decisive and make the system 
vulnerable. In Privacy/data protection it is the profile or the raw 
material to create such a profile. The more powerful our computers 
are, the easier it is to create a profile out of raw data. 
With this in mind, I'm willing to help tailor a solution that 
addresses the risk. Unique IDs are precisely a problem because they 
allow for easy profile building out of raw data. The simpler the 
abuse, the higher the risk the more we need safeguards. If we argue 
along those lines, we can be very convincing, also towards 
regulators.
> 
> > Users today make a risk judgment about the potential abuse of
> > their data. The common opinion is that once it is out, data
> > will be abused. The limits only lie within the creativity of
> > the folks abusing the data. Conclusion: don't give them data.
> 
> There is little to no basis for this very broad statement. That is
> why we need to zero in on specific issues and real-world risks.

I'm not putting a risk forward, but rather exemplify the panopticon-
effect and the psychologic fallout. If they know enough to precisely 
target my wishes, what do they know about me? You know it, you'll 
say "this is trivial and does no harm". But none of us has yet 
argued for an API for data subject access so they can see what is 
held on them and how it is organized. 

> >> Vincent recently raised one specific case -- access to server
[...]
> > fears are not justified. It is all about making trust for the
> > market place...
> 
> Again, this is an over-broad statement.

You're right, I have to look at the permitted uses with the 
viewpoint exemplified above. Just imagine for a moment you were 
paranoid and then look at the permitted uses. You'll identify the 
weak points where we need argumentation or minimization. 

Rigo

Received on Tuesday, 16 October 2012 18:47:29 UTC