- From: Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>
- Date: Sun, 25 Feb 1996 12:33:12 +1100 (EST)
- To: Murray Altheim <murray@spyglass.com>
- Cc: hallam@w3.org, www-html@w3.org

Murray,

On Fri, 23 Feb 1996, Murray Altheim wrote:

> No question here. But there's no need to standardize *all* fields, just
> commonly-used ones, such as name, address, phone, PGP key, etc. Several
> dozen at most.

I can see why people are attracted to this idea actually. However, I am starting from a different premise.

Maybe people two generations hence might find the ideas of transferring data - both personal and business - without human intervention acceptable as a principle. I do not. I have already had enough to do with online government and business systems to know that I cannot accept the proposal as a wise one, as distinct from a good technical one.

I guess I do not want to see the thin edge of the wedge become the block. Once this principle is accepted, there will be no constraints, especially in the hands of private enterprise (which is even more scary than government's intrusion into our private lives). For whatever it's worth, government is at least subject to political scrutiny. There are plenty of examples of failed regulatory control of companies - telecommunication and credit reference companies are but some. (No aspersions on Spyglass, Inc. as I am unaware of your business - being from "out of town" so to speak :-) )

Put this in the context of a lot of computer users who are not exactly computer literate, there is a volatile mix of technology and ignorance. The prime example is the so called "Registration Wizard" of Microsoft Win95. People tend to push buttons without realising the consequences: I witness it all the time and in earlier days have probably fallen victim to it myself.

Add the automatic downloading of information (ie without human intervention) to the current environment and implicitly we are surrendering our privacy without a fight. What if we add to this scenario, a few unscrupulous players? Where are the guarantees? The control features in the proposals are not strong enough.

I guess I see it pretty much as the engineers' failure to meet the systems demands of the nuclear industry, but with the added proviso that, if privacy goes, so does a lot of other rights. Why shouldn't this group promote some human values as well as technological excellence?

> I've been on the Internet since the early 1980's, and neither have I.
> But perhaps you haven't thought about where this might be a real benefit.
> We as users aren't currently using the Internet in ways that have been

I cannot claim to have been on the Internet for that long but have had a long association with computers (and some pretty lousy systems along the way) since the late '60s in fact. I think I have a reasonable understanding of the impact of the technology even better than I understand computers themselves.

> envisioned. Let's remember that once secure transactions are commonplace,

Secure transactions will overcome some of my current reservations about networked systems but it does not follow that secure transactions should be linked with this sort of proposal that allows another system to probe for information on a particular workstation. As a sysop, people set up some pretty tight restrictions on accessing machine information but are not prepared to accord the same safeguards to people.

> shopping and other types of financial and information transfer transactions
> will occur regularly, maybe many times per day. This won't just be from
> your home or office computer, but from kiosks and other venues. You
> certainly won't want to be hand-entering data each time you use a service.

I have developed systems that transfer financial and other sensitive business data across networks. So what you are talking about to me is a trivial extension of that. Nothing in these proposals, and some of the comments on my original posting, inspires confidence that proper weight has been given to concerns for the integrity of privacy.

> I would make a recommendation: make it a registration scheme (possibly
> through IANA), where a registered field name would be accompanied with a
> text description. If the form designer agreed that the text description
> matched the input requirement, they'd use the registered field name. The
> repertoire of registered names will always be smaller than the need, but
> for commonly-used field names (which is really your scope anyway), this
> might serve very well. This would also serve as a central point for both
> form designers and users to understand the field definitions.

For the reasons I outlined above, I would not think this compromise viable as ultimately the data set would be used at large (if ever there was agreement on what could be part of it).

> Specialized application areas might register fields used within their
> discipline, so perhaps a registration field called 'scope' or 'application
> area' might be helpful, with 'General' being default for things like name,
> address, phone, etc.
>
> There is obviously a question of centralization vs. decentralization here,
> but for purposes of commonality of input, centralization seems preferable
> IMO. The template URI could in either case reside with IANA (or its
> location could be registered) or on a local system, and if so we'd probably
> just want some flag in the field name or template designation.

There are many types of businesses on the Internet already - each has its own data requirements and this is compounded further as you will realise if you have been through but one application development cycle.

> I think I share your concern with this proposal that a particular UA or
> server combination might be able to auto-generate a response containing
> user information on simply viewing a page. I'd hate to devise a feature
> capable of allowing servers or external agents to capture unencrypted
> private information without the user's knowledge. Given that some scenarios
> envisage each workstation also becoming a server, it seems possible that a
> robot could query each workstation for that personal data. Some privacy
> safeguards would seem absolutely necessary.

Precisely my point. It wouldn't be long before there were gaping holes through which to access information contrary to an individual's wishes.

> Just some spurious thoughts on a Friday...

Quite the contrary.

Rob...

Robert Hazeltine
r.hazeltine@nepean.uws.edu.au
Library Web Support
http://www.nepean.uws.edu.au/library/

Received on Saturday, 24 February 1996 20:39:42 UTC