- From: Karima Boudaoud <karima@polytech.unice.fr>
- Date: Thu, 25 Apr 2013 14:08:19 +0200
- To: Christine Runnegar <runnegar@isoc.org>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hi Christine,

> This will be very useful for the privacy guidance documents.
>
> I'll have a go at putting the questions on the wiki (unless there is
> a kind volunteer willing to help me with this, please!).

I can help you. I will try to do it before the teleconference if I can.

Best regards
Karima

> In the meantime, please continue to add your suggested questions to
> this thread.
>
> Christine
>
> On Apr 22, 2013, at 11:47 AM, Robin Wilton wrote:
>
>> Nick -
>>
>> That's excellent, thank you!
>>
>> I have one addition to suggest (something that occurred to me more
>> recently than the discussion). It relates to two already-identified
>> risks:
>>
>>>
>>> * What other data could this record be correlated with? (e.g. the
>>> ISP)
>>> [dsinger]
>>>
>>> * If you had large amounts of this data about one person, what
>>> conclusions would it enable you to draw? (e.g. maybe you could
>>> estimate location from many ambient light events by estimating
>>> latitude and longitude from the times of sunrise and sunset)
>>> [dsinger, tonyr]
>>
>> The additional use-case I thought of has to do with what happens if
>> you're able to correlate the ambient light events from two discrete
>> devices. If they show the same event profile, you might infer that
>> the two devices are co-located. That represents two kinds of
>> privacy risk: (1) that you can infer that two people are (or were)
>> co-located at a given time, and (2) that you can frustrate an
>> individual's attempts to maintain separation of two
>> "personas" (say, Home and Work) by having a dedicated device for
>> each.
>>
>> Hope this is useful -
>>
>> Robin
>>
>>
>> Robin Wilton
>> Technical Outreach Director - Identity and Privacy
>> Internet Society
>>
>> email: wilton@isoc.org
>> Phone: +44 705 005 2931
>> Twitter: @futureidentity
>>
>>
>> On 20 Apr 2013, at 04:34, Nicholas Doty wrote:
>>
>>> Robin W. and others raised the point that it might be useful to
>>> consolidate the questions that different reviewers asked during
>>> privacy reviews of the Ambient Light API. I've tried to extract
>>> that list from those threads and included my results below (and
>>> marked the people that mentioned a question in [brackets]).
>>>
>>> I do not yet believe that all of these questions must be
>>> asked/answered regarding every Web spec or API, that this list is
>>> exhaustive or usefully framed. But I think it might be a nice
>>> starting point. As Frank D. has noted, checklists are often a good
>>> first step towards systematic reviews.
>>>
>>> * can the information be used (alone or in combination with other
>>> APIs / sources of information) to fingerprint a device or user?
>>> [tlr, erin, npdoty, others]
>>>
>>> * may I access the information I created?
>>> [karl]
>>>
>>> * may I record it myself (locally)?
>>> [karl]
>>>
>>> * am I able to have actions on this personal record?
>>> [karl]
>>>
>>> * may I block partly or totally the record of the information?
>>> [karl, tonyr]
>>>
>>> * may I fake it? (think about fuzzy geolocation or voluntary fake
>>> location)
>>> [karl]
>>>
>>> * Is the data personally-derived, i.e. derived from the
>>> interaction of a single person, or their device or address? (If
>>> so, even if anonymous, it might be re-correlated)
>>> [dsinger]
>>>
>>> * Does the data record contain elements that would enable such
>>> re-correlation? (examples include an IP address, and so on)
>>> [dsinger]
>>>
>>> * What other data could this record be correlated with? (e.g. the
>>> ISP)
>>> [dsinger]
>>>
>>> * If you had large amounts of this data about one person, what
>>> conclusions would it enable you to draw? (e.g. maybe you could
>>> estimate location from many ambient light events by estimating
>>> latitude and longitude from the times of sunrise and sunset)
>>> [dsinger, tonyr]
>>>
>>> * Am I likely to know if information is being collected?
>>> [wseltzer]
>>>
>>> * How visible is its collection and/or use?
>>> [wseltzer, tonyr]
>>>
>>> * Do I get feedback on the patterns that the information could
>>> reveal (at any instant, over time) so I can adjust behaviors?
>>> [wseltzer]
>>>
>>> * if a background event about the device is fired in all browsing
>>> contexts, does it allow correlation of a user across contexts?
>>> [npdoty]
>>>
>>> * can code on a page send signals that can be received by device
>>> sensors on nearby devices?
>>> [npdoty, tonyr]
>>>
>>> And while we're gathering checklists of questions, we might look
>>> at the old Morris/Davidson doc for Internet specification authors
>>> that had some questions related to privacy:
>>> http://tools.ietf.org/id/draft-morris-policy-considerations-00.txt
>>> (In particular: "4. Questions about Technical Characteristics or
>>> Functionality" and then privacy discussion in Section 5.)
>>> And the IAB Privacy Considerations for Internet Protocols contains
>>> lists of questions in the "Guidelines" section:
>>> http://tools.ietf.org/html/draft-iab-privacy-considerations-08
>>>
>>> This satisfies my ACTION-2.
>>>
>>> Thanks,
>>> Nick

Received on Thursday, 25 April 2013 11:55:30 UTC