PING Privacy Consideration Suggestions - Re: PING call - 17 May 2012 - agenda, call details and action items

Christine and Tara,

After some thought I think privacy consideration document is a great  
starting point!

>
> 2. Share your ideas for goals for a privacy considerations document,  
> useful resources to draw from, and help us build an outline for what  
> such a document should look like via this email list or on the wiki  
> at http://www.w3.org/wiki/Privacy/Privacy_Considerations.
>

I have two suggestions I would ask PING to consider. The first is to  
explore a more functional ontology for the standard development of  
privacy considerations.  The second is the exercise of exploring how a  
more practical core ontology could provide functional benefits that  
independently address privacy considerations in context.

(Note: It is my personal opinion that a lack of clear and appropriate  
ontology in relation to Privacy and Public policy is due to a lack of  
an appropriate ontology that can connect the technical, legal, and  
socially explicit contexts of privacy to an overarching framework  
that will serve public policy.)

1. There are many ontological approaches that can be explored.   
Privacy is often described as a poor choice ontologically as it varies  
in meaning, the meaning changes over time, and means different things  
depending on culture and context.

Perhaps a better ontological choice would be to explore the use of  
'Surveillance' or surveillance considerations.   Building on the  
Privacy Considerations for Internet Protocols by Cooper et al., in which  
section 3.2.1.1. Surveillance is presented as a primary privacy/ 
security threat, although the definition of surveillance in this paper  
seems to me to be overtly sociological.   I would suggest that  
surveillance start to be further defined technically as communications  
surveillance and information surveillance.  If further social privacy  
considerations of privacy are in scope I would suggest that the state  
and scope of surveillance be quantified, for example: retro-active,  
re-active, passive etc.   In addition, in the Privacy Considerations  
document in section 3.2. Privacy Threats it states:

    If a data subject authorizes surveillance of his
    own activities, for example, the harms associated with it may be
    significantly mitigated.

This would seem to refer distinctively to a sub-category of  
surveillance in which volunteered information sharing can be  
categorized. Socially, people want simple transparency over what  
control of sharing information they have (which is usually a protocol  
feature), and what control they don't have.  At this time this  
information is inappropriately buried in unstandardized privacy  
policies etc. and hence not transparent and useful in context  
(therefore it has little contextual integrity).

Building on the privacy by design approach,  surveillance as a core  
ontology would provide a much more useful technical, legal and social  
ontology than privacy.   From such a suitable core ontology the issues  
of  storage security, intrusion, data minimization, retention,  
correlation, identification, accountability, etc. can be addressed  
with appropriate privacy considerations.

Once structured together this could be referred to as the surveillance  
policy (or if not surveillance another more appropriate ontological  
policy, as opposed to the existing privacy policy ontology which is  
commonly now used as a source of great obfuscation).

2.  An approach to understanding if another ontological approach (to  
that of privacy) would be useful may be to explore what practical  
benefits would be possible if such an ontology (such as surveillance  
considerations) was pursued in the privacy considerations document.

In the context of these suggestions I thought I would take a stab at  
postulating some benefits.   Hypothetically, if it were a standard  
practice to produce privacy considerations with the surveillance  
ontology, a protocol architect would then be required to list the  
known surveillance properties and the intended information sharing  
properties of a protocol for architectural consideration.   This list  
could then form the foundation for the technical surveillance policy  
to accompany the protocol.   It is conceivable that such a policy  
would then be passed along to others in the architectural development  
and, as surveillance issues were raised or found, these would then be  
added to the appropriate part of the policy, according to the  
formalized ontology.    A privacy impact assessment could then be  
performed for each ontological branch and a standard policy notice  
produced that could address legal, technical, and social privacy  
considerations.

At the risk of taking these suggestions one step too far, I would like  
to postulate how privacy considerations might be useful and provide  
contextual integrity (as defined by Nissenbaum).   If for instance this  
became the dominant ontological policy format for privacy  
considerations it would be conceivable that an individual would be  
able to look at the privacy considerations of multiple protocols,  
services, etc. in the context of their use.   Standard notification  
would then become possible (as privacy notices at this time are not  
standard), and transparency could then become a part of the usability  
and the contextual use of the technology.  In such a scenario the  
independent development (or privacy by design approach) would greatly  
enhance the use of privacy considerations as an independent source of  
information rather than the complete dependence currently found upon the  
provider of the service or technology in use.

> 3. Please let us know which W3C groups and external privacy-related  
> groups you participate in, and how the work being undertaken in  
> those groups might relate to PING's work.
>

I am an active member of the Kantara Privacy & Public Policy (P3) WG,  
and the Information Sharing Work Group (ISWG).  In P3 the work group  
is working towards Privacy Assessment Criteria for Federated Identity  
Management; in ISWG the work group is currently working on a standard  
contract format for volunteered personal information and also working  
on Information Sharing Labels.

> All other ideas are most welcome.
>

The development of a standard practice for listing the surveillance  
and intended information sharing aspects of protocol and architecture  
design in a common location, with the intent of developing a standard  
infrastructure for notification, consent and end to end transparency.

> Christine and Tara

Kind Regards,

Mark Lizar

Received on Thursday, 17 May 2012 14:49:02 UTC