Re: Lightning talk at W3C camp from Danielle Zaror on 2012-04-19 (public-privacy@w3.org from April to June 2012)

From: Danielle Zaror <danielle.zaror@gmail.com>
Date: Wed, 18 Apr 2012 22:26:47 -0400
To: Ian.Oliver@nokia.com
Cc: mark.lizar@gmail.com, Kasey.Chappelle@vodafone.com, karld@opera.com, marcosscaceres@gmail.com, danbri@danbri.org, peter.kraker@tugraz.at, public-privacy@w3.org
Message-ID: <CACesfyMJ9oF+rWAapKf_4PGrKJi9k44u16hBvRYjXwe=CfZm3g@mail.gmail.com>
Hello everybody.
It has been very interesting to read the proposals that have been
formulated and
certainly they are a real contribution to the discussion.

Notwithstanding the above and trying to keep in mind the group's goals i
would think, as a starting point to add some ideas:

1) Digital Citizens. This is a group of people born in an era where everybody
can has a real and virtual life, this is a reality, and many of them
probably never would things in a real life but they feel free to act or
write or say the opposite y a virtual life. In one aspect they keep their
privacy in a higher level than in the other (virtual).

2) Privacy Values. In this scenario, and as several of you have mentioned, is
diffuse and difficult transmit the value of privacy. I do not think so the
privacy is dead. In our internal forum every human being has always the
opportunity to found themselves and living situations that they keep in
that sphere, alone or accompanied.
I believe that public knowledge of issues that recently were considered
private has increased, mostly because today is easy and cheap the access to
internet.

3) Teach About It: I think there is a great challenge to pass on to these
"digital citizens" that they are the owners of something  really valuable, that
they must care for and for which they have control tools.

4) Notifications: I consider very important that W3C has a pro-active stance to
the previous point, for example if any person is surfing on internet they
can be informed with an alert sistem (pop ups, for example) "this
information will be available for the entire network" (as Karl says
"geographical
space"), "this information icould be use in any time", "if this file
contains an image of yourself or others, please evaluates ..." etc. If you
think we always are alerted with this type of messages when we do bank
transfers, so if we do that for that reasons  I think that dont be dificult
accomplish with the same standar in a so sensitive issue.

In relation with promotion of standards, I consider, as a key encourage
the  realization of APIs especially in OECD countries, particularly in the
governments.

Regards.
Danielle.

2012/4/18 <Ian.Oliver@nokia.com>

> This is turning into a Nissenbaum fan club :-)   but seriously, the whole
> notion of context as Nissenbaum puts it is the really critical issue.
>
> I've seen many attempts to define (and implement) privacy in terms of
> protecting the consumer by either blocking any data collection about that
> consumer or by anonymising (semantically) any collected data to the extent
> that it is rendered worthless (and useless).
>
> Work I've been making recently has been on classification of data in terms
> of security, privacy, usage/purpose, provenance, identity etc and
> discovering that we really miss a good "underlying theory" of privacy.
>
> I have a formal methods background and will be the first to admit that I
> get a little nervous when terms can not be precisely defined, so having
> this chance to ask questions about how a given data-set is seen (in terms
> of the above aspects) and how consents and notices are defined in those
> terms too has been very enlightening - even if most of the time it is very
> much "we all know what *it* is" but have no idea on how to formalise it.
>
> A second area of my work has been trying to apply these ideas in our
> architectures and designs - actually implementing privacy as a platform of
> sorts. Binding the above data classifications with architectures and
> specifically data-flow models leads to some similarly interesting
> discoveries about where consents are actually applied (or not), to where
> data is really flowing and what data is flowing.
>
> This all put together to me is a formalisation of the context of which
> Nissenbaum talks. I think that the idea that Karl put forward of the 'fog'
> or opacity is a great way to think about this. Now, how we measure the
> density of that fog is going to be a very interesting approach - personally
> I've been looking at "distance" in the data-flows weighted by the kinds of
> data and aspects as described above, though I'm a long way from being able
> to write down an equation. I also think that this would nicely support the
> idea of surveillance and a measure of this as in Mark's email below.
>
> best regards,
>
> Ian
> ________________________________________
> From: ext Mark Lizar [mark.lizar@gmail.com]
> Sent: 18 April 2012 19:10
> To: Chappelle, Kasey, Vodafone Group
> Cc: Karl Dubost; Marcos Caceres; Dan Brickley; Peter Kraker;
> public-privacy@w3.org
> Subject: Re: Lightning talk at W3C camp
>
> I am a big fan of Nissenbaum and have been thinking about a framework
> along these lines.
>
> I am currently playing with the idea of a standard protocol of
> explicitly listing the surveillance aspects (perhaps like a privacy
> policy but a surveillance policy) along with a log of the specific
> context of surveillance.  Creating a socio-technical-legal protocol
> around surveillance explicitly.  This way a standard notice protocol
> could be used to retrieve a surveillance listing in the context of
> surveillance and provide usable notice independently of the technology
> in use.  In this way  an individual could independently look at the
> context of surveillance and understand what privacy is available in
> this particular context and therefore be able to make informed
> choices.  Thus creating a surveillance trust framework.
>
> Maybe something along the lines of a W3C protocol surveillance
> registry as a method to innovate privacy and trust with the use of the
> Internet.
>
> Mark
>
>
> On 18 Apr 2012, at 16:34, Chappelle, Kasey, Vodafone Group wrote:
>
> > What an interesting way to think about it! But then, I always enjoy
> > your contributions here.
> >
> > Helen Nissenbaum gets a little bit at this when she writes about
> > privacy in context. She says privacy controversies arise when online
> > information collection and use diverges from the social norms of
> > that interaction's most obvious IRL analogue. Any ideas as to
> > whether that's translatable to an internet standards context?
> >
> > -----Original Message-----
> > From: Karl Dubost [mailto:karld@opera.com]
> > Sent: 18 April 2012 16:25
> > To: Chappelle, Kasey, Vodafone Group
> > Cc: Mark Lizar; Marcos Caceres; Dan Brickley; Peter Kraker;
> public-privacy@w3.org
> > Subject: Re: Lightning talk at W3C camp
> >
> > Agreed with Chappelle on
> >
> > Le 18 avr. 2012 à 10:51, Chappelle, Kasey, Vodafone Group a écrit :
> >> frameworks for information accountability are exactly what we're
> >> supposed to be doing here! I just don't know that we get any closer
> >> to that by starting from the idea that privacy is dead.
> >
> > Though I would widen it a bit. Privacy in most people's minds is
> > something poorly understood (myself included) and often very binary.
> > I do not buy Dan's first statement:
> >
> >       "unexpected others aren't monitoring and
> >       logging one's activities, e.g. to allow
> >       anonymous or pseudonymous activities."
> >
> > because we *all* do that all the time with our neighbors in the
> > physical life. It is also basically part of the social contract.
> >
> > So it is not exactly the act of recording which matters, but more
> > something along the lines of:
> >
> > * how much do we record?
> >  (geographical space, time, . )
> > * with which details?
> >  (granularity)
> > * how long do we keep?
> >  (memory, archives, )
> > * the scale of replications
> >  (duplication of copies of these data to others places)
> > * the quality of replications
> >  (duplication with missing or not informations)
> > * the speed of replications
> >  (how fast does it take to transmit this information)
> > * the ability to break the logic
> >  (lies, hiding, cheating)
> > * the reciprocity
> >  (what you know about me, what I know about you with the same effects)
> >
> > In the context of the network: Speeds, Scales, Identical
> > replications, etc. have become very dense concepts. It's why I use
> > Opacity as in a fog in the forest. Depending on the fog context, you
> > see more or less trees around you. Or if you reverse the observer
> > position, different trees have a different image of you.
> >
> > Another important thing is the reciprocity. In a system where
> > parties have a much larger power, possibility to act upon these data
> > that you have on these parties (knowing little about them), the
> > trouble starts.
> >
> > There is also something we tend to forget which is amazingly useful
> > in our social relationship: lies and forgetting. The messages are
> > forgotten and repeated with wrong information. This is a feature,
> > not a bug. It allows a lot of flexibility for individuals and social
> > relationships.
> >
> > [1]: http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-3.html
> >
> >
> >
> >
> >
> >
> > --
> > Karl Dubost - http://dev.opera.com/
> > Developer Relations, Opera Software
> >
>
>
>
>
>
Received on Thursday, 19 April 2012 20:41:14 UTC