Fwd: ACTION-650: Review what provenance WG is doing with an eye to application to privacy issues

I just spotted this on the W3C TAG list.  I don't know if any of us have been 
contacted about this?

My perception is that our focus has been on establishing a basis for trust.  But 
in many ways, I think that the accountability issues referred to are a 
complementary aspect of the same underlying raison d'etre; i.e. knowing what was 
done, to what, and by whom.

#g
--

-------- Original Message --------
Subject: ACTION-650: Review what provenance WG is doing with an eye to 
application to privacy issues
Resent-Date: Sun, 23 Sep 2012 20:49:45 +0000
Resent-From: www-tag@w3.org
Date: Sun, 23 Sep 2012 16:49:17 -0400
From: Jonathan A Rees <rees@mumble.net>
To: www-tag@w3.org

ACTION-650: Review what provenance WG is doing with an eye to
application to privacy issues
https://www.w3.org/2001/tag/group/track/actions/650

As I remember, I suggested looking at this to help close a TAG
discussion of privacy that was ending with no clear direction for
further discussion.

What I had in mind was to ask whether the Provenance WG would deliver
specifications that could support accountability workflows of
the kind advocated by TAMI ( http://dig.csail.mit.edu/TAMI/ ).  The
hypothesis behind TAMI is, briefly, that core to any effective
implementation of privacy policy is accountability.  Suppose that some
entity A has access to B's private information, and A makes public
*other* information that has the appearance of potential for violating
some agreed privacy policy.  It would be nice if the burden of proof
of policy adherence were on A, and if A had some way to satisfy such a
burden without violating such policy.

The question asked by this action is, does anything coming from the
provenance WG assist in any way in the management or expression of
such proofs?

Indeed, the TAMI idea was listed among the original provenance XG use
cases:
   http://www.w3.org/2005/Incubator/prov/wiki/Use_Cases
... and documented here:
   http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_private_data_use
... but was not really addressed in any XG output:
   http://www.w3.org/2005/Incubator/prov/XGR-prov-20101214/#Original_Use_Cases

I did a quick scan of the WG's working drafts (as listed here:
  http://www.w3.org/2011/prov/wiki/Main_Page ) and did not find any
evidence that this use case, or even any specific consideration of
privacy or accountability, survived to figure into the WG's goals or
designs.  That is not to say there is no applicability; and I have not
digested the working drafts to the point I could assess that question.

My purpose here is mainly educational. I feel that whenever privacy
comes up in the TAG, we tend to wander off into the relative comfort zone of
security, which is only one part of achieving privacy goals. Where
privacy gets interesting and hard is around the question not of
*access* to data, but of how someone who has access can learn
what uses are permitted (policy communication, see Geolocation
debate), and convince themselves or others that any actual use of the
data conforms to policy. That is not a security question (given
current technology).
The state of the art, in fact, is legal (see Larry's governance work).
TAMI is a research effort to move some of the non-security (i.e.
use policy) aspects back into a technical space, so I think TAG
members should be aware of it.

Set PENDING REVIEW.

Jonathan

Received on Sunday, 23 September 2012 21:28:10 UTC