- From: John Morris <jmorris@cdt.org>
- Date: Fri, 31 Oct 2008 19:38:07 -0400
- To: Ian Hickson <ian@hixie.ch>, public-geolocation <public-geolocation@w3.org>
- Cc: Alissa Cooper <acooper@cdt.org>
Ian, Alissa responded to part of this message separately, and I have some comments below...

At 10:20 PM +0000 10/29/08, Ian Hickson wrote:

snip

> On Wed, 29 Oct 2008, John Morris wrote:
> >
> > In contrast, any approach that squarely confronts web developers with
> > clear privacy expectations will lead some to focus on privacy, even if
> > -- as you correctly note -- some will not.
>
> I posit that making the API callback include an object that purports to
> describe the user's privacy preferences (as Alissa suggests) will have an
> extremely minimal impact on authors in terms of making them aware of
> privacy, while having a disproportionally high cost on implementors in
> terms of exposing UI, implementing the callback object, and testing these,
> and a disproportionally high *cost* on users, in terms of exposing them to an
> interface that they will not understand, and which will almost uniformly
> be ignored anyway.
>
> In fact, I would say that the net effect would be of taking an issue with
> a very well understood privacy model -- only let applications have access
> to your location information if you trust them, a privacy model that has
> worked very well for all private information up to this point -- and
> replacing it with a highly confusing model that will be ignored and that
> will thus disenfranchise users.

If you truly believe that the Internet privacy model "has worked very well for all private information up to this point," then we may just have to agree to disagree on that. I think there is fairly broad consensus in the U.S. at least (and I am pretty sure in the E.U.) that privacy on the Internet has been a failure. Indeed, your employer, FWIW, has taken a leading role in the industry in the U.S. in calling for new privacy laws to help address a range of serious privacy problems. According to Google management, the consumer privacy situation is "uneven at best."

See, for example, http://googleblog.blogspot.com/2006/06/calling-for-federal-consumer-privacy.html (joining a broad effort led by CDT to enact new privacy laws). What Google (and CDT) is calling for in the U.S. is what is called "baseline" privacy laws, which would be similar in effect to the European data directives on privacy. And under both the E.U. model and the proposed U.S. model, web designers who ignore clear privacy directives (such as those expressed in Geopriv) will do so at their own peril. In other words, initiatives like Geopriv are exactly the kinds of tools that the E.U. and proposed U.S. models are designed to help enforce.

Just because it has been the historic norm for most online developers to ignore privacy, that does not mean that this norm should continue. The IETF decided to break with the norm and to require that developers address privacy with regard to location information. And now the W3C is working to restore the privacy-ignoring norm.

snip

> > Moreover, if the W3C says to web developers, "you must appropriately
> > handle privacy rules in order to claim compliance with our standard,"
> > then I guarantee that at least some developers will address privacy when
> > they otherwise would not have done so.
>
> If it makes 10 developers more aware of privacy, but makes 20 users less
> careful about disclosing information, then this is a net loss for users.

I predict a different result. If the browsers build in a location privacy interface and use Geopriv to pass on users' expectation of privacy to developers, and 10 developers honor privacy and others do not, then the user base will vote with their feet (and their blog posts, etc.) and will target more traffic to the 10 privacy-honoring developers. Everyone wins. But if developers can get their hands on location without any privacy rules, then it will be business as usual and there will be no improvement on the privacy front.

And wholly apart from the beneficial effect on developers, transmitting location privacy rules along with the location will be beneficial in terms of the risk of government surveillance of location information. In the U.S., if there are clearly stated privacy expectations, then courts are far more likely to protect privacy.

> > I am not expecting the law to enforce any technical specification, or
> > any moral. Instead, I am expecting the law to enforce an "expectation
> > of privacy," which is something that the law does all the time.
>
> Expectation of privacy is a moral stance. (One I happen to strongly agree
> is important, but that doesn't mean it's not a moral stance.)

Privacy is a legal matter in both the U.S. and the E.U. That it is also a moral matter does not make it not a legal matter. And technology directly affects legal matters (for better or worse) all the time. With Geopriv, technology can facilitate a positive impact on a legal matter.

I appreciate that the idea that a technical standard can have a positive impact on a legal matter is alien to many engineers. This precise question that we are discussing was a core topic of debate for about 18 months within the IETF in 2001 and 2002. At the end of the day, that standards body decided that it would break from the privacy-ignoring norm and inject privacy into the technology. I am optimistic that the W3C as a whole will reach the same conclusion.

snip

> > Why are you so unwilling to explore the possibility of using Geopriv,
> > and why are you so unwilling to try to improve the state of privacy --
> > especially when the charter of this group mandates a "privacy sensitive"
> > output.
>
> We believe privacy to be important; critical even. I believe that the
> current API stands a significantly better chance of effectively protecting
> the user's privacy than a more fine-grained, more technology-based, and
> more complicated scheme such as Geopriv or ideas based on Geopriv.
>
> I put forward P3P as a classic example of how technology is a very bad
> vehicle for privacy concerns.

P3P was not a broad success, IMO, for two reasons:

(a) because the U.S. lacked a baseline privacy law that forced US companies to pay attention to privacy. But now that Google (and Microsoft, Intel, Sun, Oracle, HP, and others -- see the link above) support such a law and the U.S. election promises a much more privacy-friendly government, I think things will change on this front.

(b) P3P allowed companies rather than users to set the privacy rules. Geopriv seeks to empower the users, and the laws will help to enforce that power.

I appreciate that what we are proposing will require more work to implement, but as I think Alissa has demonstrated as a proof of concept, it will not be all that hard to do. And, as I have previously noted, I do think that the W3C can benefit from the years of thinking about location conveyance that underlie the Geopriv spec.

John
Received on Friday, 31 October 2008 23:38:56 UTC