W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2009

Re: Geopriv compromise proposal

From: Henning Schulzrinne <hgs@cs.columbia.edu>
Date: Tue, 16 Jun 2009 09:34:51 -0400
Cc: Andrei Popescu <andreip@google.com>, public-geolocation@w3.org, Thomas Roessler <tlr@w3.org>
Message-Id: <B840B52E-9614-4FE8-B0C0-51BBD37FBCBC@cs.columbia.edu>
To: Rigo Wenning <rigo@w3.org>
I'm not sure I fully understand the proposal; here's my understanding:

A link leads to a structured data object that describes the privacy  
policy. The format could be P3P or something geo-specific.

Operating on that assumption, I think this is generally a good idea,  
as simply referring to the usual privacy statement does not work well:

- It's almost impossible to render on small devices or on screen  
readers (imagine trying to have the privacy statement read aloud to  
you before deciding whether to submit location information or running  
Babelfish on such a statement)

- It's far too long for people to read (sometimes that seems  
intentional).

- It's written in legalese that's barely understandable to lawyers,  
let alone non-native speakers of English (even assuming that it's  
written in English).

- It can change at any time and changes are not detectable by users,  
so that users may believe that they are submitting their information  
under one set of conditions, but are actually not, even assuming the  
highly unlikely case that they did read the original privacy  
statement. (There are exceptions for extremely high-profile companies  
like Facebook, but such public scrutiny is very unlikely for the vast  
majority of web sites.)

I believe there are studies that show that users just don't read these  
statements, so there's clear quantitative evidence that this "user  
interface" is not working.

Conversely, a structured format makes it easy for clients to
- render important information in a device-appropriate way, including  
non-visually or iconically
- it can be rendered in other languages
- it is easy to detect if the information has changed
- it is possible for UAs to automatically flag problematic things (for  
example, a user could set a policy "never submit location information  
to a company that uses this material for advertisements" and then  
raise an alert before agreeing to do that)

This idea is hardly novel or radical: This is the basic idea behind  
standardized disclosure forms on nutrition labels and credit card  
statements, and has been proposed for other contracts more generally,  
for pretty much the same reasons. A good example of this discussion  
can be found at

http://www.nytimes.com/2009/05/24/opinion/24gibson.html

I'm not sure what happened to the idea, but I believe the Obama  
administration has proposed something similar for mortgage contracts.  
If one can reduce the essentials of food and contracts to a structured  
rendition, I don't see why this would be all that much more difficult  
for basic privacy constraints.

It is clear that any such information, whether a 25-page statement or  
a structured one, can be a lie. But it's a lot easier to catch liars  
when they are forced to be succinct and precise, rather than employ  
weaselwords.

Given the small number of participants, claiming majority consensus  
when the same three or four people are always speaking up against any  
such idea seems a bit thin. Who elected or appointed you as community  
representatives? (The basic problem in all standards organizations is  
that they are vendor-driven; consumers/users are almost never  
represented. I realize the difficulty of achieving that, but we should  
be well aware of the built-in biases of these processes, particularly  
from a public policy perspective.)

Henning
Received on Tuesday, 16 June 2009 13:35:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:56 UTC