Re: ACTION-650: Review what provenance WG is doing with an eye to application to privacy issues

Thanks Jonathan

Thanks for clarifying the background, that is what I wanted to understand. The TAMI approach sounds interesting.  Implementation of accountability in systems in practice seems hard.

regards, Frederick

Frederick Hirsch
Nokia



On Nov 7, 2012, at 5:59 PM, ext Jonathan A Rees wrote:


On Wed, Nov 7, 2012 at 3:51 PM, <Frederick.Hirsch@nokia.com> wrote:
Is the conclusion of this action that the Provenance WG is not delivering solutions relevant to privacy even though the TAG hoped they would enable accountability? Is the reason that this is too complex or similar to work such as GeoPriv?

Has the TAG contacted the Provenance WG about this issue directly?

There's very little subtext here. The TAG was ending up a F2F session on privacy without any action items open. I remembered that the TAMI research group had made a connection between privacy and provenance, and thought it might be interesting to see if the connection had been made in the WG, so I took that action. So to close the action I just reported what I learned. I'm not interested in rabble-rousing (at least not in this case) and no other TAG members really wanted to pursue the idea. TAMI is a research project and it wasn't obvious to me that the working group *should* have followed up on the idea (which, at the risk of botching the explanation, is that guardians of private information might use provenance metadata to prove that their use of particular information falls within agreed privacy policy; and that absent such proof they should be suspected of misuse). So we let it drop. There's no "issue"; the interest was not in finding neglect, but in sniffing out opportunity.

If you know of some reason why the TAG should pursue a provenance/privacy connection, I'm all ears.

Best
Jonathan

regards, Frederick

Frederick Hirsch
Nokia



On Sep 23, 2012, at 4:49 PM, ext Jonathan A Rees wrote:

> ACTION-650: Review what provenance WG is doing with an eye to
> application to privacy issues
> https://www.w3.org/2001/tag/group/track/actions/650
>
> As I remember, I suggested looking at this to help close a TAG
> discussion of privacy that was ending with no clear direction for
> further discussion.
>
> What I had in mind was to ask whether the Provenance WG would deliver
> specifications that could support accountability workflows of
> the kind advocated by TAMI ( http://dig.csail.mit.edu/TAMI/ ).  The
> hypothesis behind TAMI is, briefly, that core to any effective
> implementation of privacy policy is accountability.  Suppose that some
> entity A has access to B's private information, and A makes public
> *other* information that has the appearance of potential for violating
> some agreed privacy policy.  It would be nice if the burden of proof
> of policy adherence were on A, and if A had some way to satisfy such a
> burden without violating such policy.
>
> The question asked by this action is, does anything coming from the
> provenance WG assist in any way in the management or expression of
> such proofs?
>
> Indeed, the TAMI idea was listed among the original provenance XG use
> cases:
>  http://www.w3.org/2005/Incubator/prov/wiki/Use_Cases
> ... and documented here:
>  http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_private_data_use
> ... but was not really addressed in any XG output:
>  http://www.w3.org/2005/Incubator/prov/XGR-prov-20101214/#Original_Use_Cases
>
> I did a quick scan of the WG's working drafts (as listed here:
> http://www.w3.org/2011/prov/wiki/Main_Page ) and did not find any
> evidence that this use case, or even any specific consideration of
> privacy or accountability, survived to figure into WG's goals or
> designs.  That is not to say there is no applicability; and I have not
> digested the working drafts to the point I could assess that question.
>
> My purpose here is mainly educational. I feel that whenever privacy
> comes up in the TAG, we tend to wander off into the relative comfort zone of
> security, which is only one part of achieving privacy goals. Where
> privacy gets interesting and hard is around the question not of
> *access* to data, but of how someone who has access can learn
> what uses are permitted (policy communication, see Geolocation
> debate), and convince themselves or others that any actual use of the
> data conforms to policy. That is not a security question (given
> current technology).
> The state of the art, in fact, is legal (see Larry's governance work).
> TAMI is a research effort to move some of the non-security (i.e.
> use policy) aspects back into a technical space, so I think TAG
> members should be aware of it.
>
> Set PENDING REVIEW.
>
> Jonathan
>

Received on Thursday, 8 November 2012 13:54:55 UTC