W3C home > Mailing lists > Public > public-pling@w3.org > July 2009

RE: Geolocation Last Call

From: Malcolm Crompton <mcrompton@iispartners.com>
Date: Tue, 14 Jul 2009 15:15:20 +1000
To: <jeanpierre.lerouzic@orange-ftgroup.com>, <ashok.malhotra@oracle.com>
Cc: <A.K.Bandara@open.ac.uk>, <public-pling@w3.org>, <renato@nicta.com.au>
Message-ID: <017e01ca0442$1a200860$4e601920$@com>
Hmmm.  I am not sure what a simple 'authorise/prohibit' mechanism is, so not
sure whether in fact I am in agreement.  Certainly, the default pending any
active intervention by the user in the absence of any user control or
limited/simple control is 'location services off'.

Malcolm Crompton

Managing Director
Information Integrity Solutions Pty Ltd
ABN 78 107 611 898

T:  +61 407 014 450


-----Original Message-----
From: jeanpierre.lerouzic@orange-ftgroup.com
Sent: Tuesday, July 14, 2009 8:47 AM
To: ashok.malhotra@oracle.com
Cc: A.K.Bandara@open.ac.uk; MCrompton@iispartners.com; public-pling@w3.org;
Subject: RE: Geolocation Last Call

Hi Ashok and all,

I am on holidays right now and don't intend to go back to office, but I
remember nice articles from Microsoft research on the subject of privacy and
evidence or privacy and inference. For example there are articles exploring
how information could be cross checked. Other articles highlight that an
information could be given in one context but not in another so the decision
a user has do is never perfect. It's similar to your line of thought below.
In the EU project named SERVERY we also try to explore those ideas.
Still I want to emphasize the fact that if -as everyone here agrees- there
is no avantage to use a simple authorize/prohibit mechanism, even a
sophisticated authorize/prohibit mechanism to enforce privacy policies (for
example by using an efficient user profiling tool and reasonning/statistics)
is not enough in most real life situations (see the Google maps example): If
we want to gain a wide audience we have also to propose sensible fallback
solutions to the user in the case she doesn't want to give some private
information to the service provider but still want to use the service. 

Best regards,


-----Message d'origine-----
De : ashok malhotra [mailto:ashok.malhotra@oracle.com] 
Envoyé : dimanche 12 juillet 2009 14:20
Cc : A.K.Bandara@open.ac.uk; MCrompton@iispartners.com; public-pling@w3.org;
Objet : Re: Geolocation Last Call

Can you send a pointer to these new ideas?  Thanks!

All the best, Ashok

jeanpierre.lerouzic@orange-ftgroup.com wrote:
> Hi all,
> Among developments in privacy, there are ideas on using evidence and
statistics to manage user's privacy in a much simpler way with a finer grain
than this kind of dashboard like 3GPP's UPM, where service are either
authorized or forbidden.
> But I am not sure it's a so big problem in real life as the end user will
probably be aware she is using a geolocalized service so there is no meaning
in making it impossible to be localized. It is more simpler to not use the
geolocalized service.
> For example how one could want at the same time to use Google maps to get
direction but being afraid of been located?
> Using a service means the user accepts to disclose some information. A way
to deal with that is to use some proxy or third party that will make the
request for the end user but will make it impossible for the service to
cross check information (for example ID AND location).
> Best regards,
> Jean-Pierre
> -----Message d'origine-----
> De : public-pling-request@w3.org [mailto:public-pling-request@w3.org] 
> De la part de Arosha K Bandara Envoyé : vendredi 10 juillet 2009 18:57 
> À : MCrompton@iispartners.com; public-pling@w3.org Cc : 
> ashok.malhotra@oracle.com; 'Renato Iannella'
> Objet : Re: Geolocation Last Call
> Absolutely agree about these issues.  "Easy to use" controls are not
simply about privacy settings for sharing information at a given point in
time.  It also requires some appreciation of the potential future value of
the information - something that we are not very good at assessing anyway. 
> I am an investigator on the PRiMMA project (http://primma.open.ac.uk) at
the Open University in the UK where we are also looking at some of these
issues.  I look forward to being a more active participant in this
discussion going forward.
>  - Arosha
> Malcolm Crompton wrote:
>> I agree, strongly.  The lack of sophistication in thinking around 
>> location based services & privacy is sometimes breathtaking.  It is 
>> neither 'anything goes' nor 'never disclose'.  It has to be much more 
>> nuanced than that.  A person on the lookout for a chance date is in a 
>> vastly different position from the person who is the secret 
>> negotiator going to the secret meeting to lock down the multi-million 
>> dollar deal.  AND the technology is NEVER going to be able to tell 
>> the difference, especially because it could in fact be the same person at
different times in the same day.
>> And that is before we bring in policing, national security and 
>> emergency rescue...
>> Informed, easy to use control with the right default settings (just 
>> ask the behavioural economists et al) is going to be the only solution.
>> Regards
>> Malcolm Crompton
>> Managing Director
>> Information Integrity Solutions Pty Ltd ABN 78 107 611 898
>> T:  +61 407 014 450
>> MCrompton@iispartners.com
>> www.iispartners.com
>> -----Original Message-----
>> From: public-pling-request@w3.org 
>> [mailto:public-pling-request@w3.org]
>> On Behalf Of ashok malhotra
>> Sent: Friday, July 10, 2009 11:25 AM
>> To: Renato Iannella
>> Cc: public-pling@w3.org
>> Subject: Re: Geolocation Last Call
>> I, too, was worried when I read Section 4.  It punts all the privacy 
>> APIs to the implementations.
>> All the best, Ashok
>> Renato Iannella wrote:
>>> After reading Section 4 of the Working Draft [1], I am more worried 
>>> than before.
>>> It does not engender any confidence, even by using the term 
>>> "consideration", for the safety and awareness of the end user's privacy.
>>> Perhaps we now need a PLING Note on "Best Practices for Privacy 
>>> Awareness" ?
>>> Renato
>>> [1] http://www.w3.org/TR/geolocation-API/
>>> On 8 Jul 2009, at 23:09, Thomas Roessler wrote:
>>>> No explicit request for review by PLING, but I think it would be 
>>>> fine for this IG to tell them that you want to do a review -- if 
>>>> that is indeed the case.
>>>> --
>>>> Thomas Roessler, W3C  <tlr@w3.org <mailto:tlr@w3.org>>
>>>> Begin forwarded message:
>>>>> *From: *Angel Machín <angel.machin@gmail.com 
>>>>> <mailto:angel.machin@gmail.com>>
>>>>> *Date: *8 July 2009 14:58:29 CEDT
>>>>> *To: *janina@rednote.net <mailto:janina@rednote.net>, 
>>>>> art.barstow@nokia.com <mailto:art.barstow@nokia.com>, 
>>>>> chaals@opera.com <mailto:chaals@opera.com>, 
>>>>> Mary_Ellen_Zurko@notesdev.ibm.com 
>>>>> <mailto:Mary_Ellen_Zurko@notesdev.ibm.com>, tlr@w3.org 
>>>>> <mailto:tlr@w3.org>, dom@w3.org <mailto:dom@w3.org>, dsr@w3.org 
>>>>> <mailto:dsr@w3.org>,  chris@w3.org <mailto:chris@w3.org>, 
>>>>> daniel.appelquist@vodafone.com 
>>>>> <mailto:daniel.appelquist@vodafone.com>,
>>>>> dahl@conversational-technologies.com
>>>>> <mailto:dahl@conversational-technologies.com>, rbarnes@bbn.com 
>>>>> <mailto:rbarnes@bbn.com>, acooper@cdt.org 
>>>>> <mailto:acooper@cdt.org>, bondi@omtp.org <mailto:bondi@omtp.org>, 
>>>>> jferrai@us.ibm.com <mailto:jferrai@us.ibm.com>, Lars Erik Bolstad 
>>>>> <lbolstad@opera.com <mailto:lbolstad@opera.com>>,  Matt Womer 
>>>>> <mdw@w3.org <mailto:mdw@w3.org>>, chairs@w3.org 
>>>>> <mailto:chairs@w3.org>
>>>>> *Subject: **Geolocation Last Call*
>>>>> Hello Chairs,
>>>>> On behalf of Lars Erik Bolstad, the other co-chair of this WG, and I:
>>>>> The Geolocation Working Group has published the Geolocation API 
>>>>> Specification as a Last Call Working Draft on 7 July 2009:
>>>>> http://www.w3.org/TR/geolocation-API/
>>>>> Feedback on this document would be appreciated through 31 July 
>>>>> 2009 via mail to public-geolocation@w3.org 
>>>>> <mailto:public-geolocation@w3.org>.
>>>>> In particular we are requesting review from the Web Application 
>>>>> WG, Device APIs, Web Security Context, Ubiquitous Web 
>>>>> Applications, Mobile Web Best Practices, Hypertext Coordination, 
>>>>> Protocols and Formats Working Group and also GEOPRIV, BONDI and
OpenAJAX Alliance.
>>>>> The Group made the decision to go to Last Call:
>>>>> http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/016
>>>>> 1
>>>>> .html
>>>>> No patent disclosures have been made for this specification.
>>>>> Thanks,
>>>>> Angel Machin
>>>>> Geolocation WG co-Chair
>>> Cheers...  Renato Iannella
> --
> --------------------------------------------------------------------
> Arosha K Bandara, PhD
> Lecturer, The Open University,      e-mail: a.k.bandara@open.ac.uk
> Walton Hall Campus                  Tel   : +44 1908 653545
> Milton Keynes, MK 76AA, UK
> --------------------------------------------------------------------
>           http://fasturl.open.ac.uk/a.k.bandara.htm
> --------------------------------------------------------------------
Received on Tuesday, 14 July 2009 05:22:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:50:40 UTC