Re: Security, Privacy and Accessibility use cases from Joshue O Connor on 2020-02-27 (public-rqtf@w3.org from February 2020)

From: Joshue O Connor <joconnor@w3.org>
Date: Thu, 27 Feb 2020 14:13:14 +0000
To: "White, Jason J" <jjwhite@ets.org>
Cc: RQTF <public-rqtf@w3.org>
Message-ID: <006334ea-92a6-76ec-e631-bbf20cbb50e9@w3.org>
White, Jason J wrote on 27/02/2020 13:00:
>
> Thank you, Josh, for your observations.
>

Thanks Jason. Some comments inline.

> The following additional ideas on this subject were developed during 
> the meeting, in your absence.
>
>  1. It is important to acknowledge the limited role of technological
>     measures in ensuring privacy, and that much of the responsibility
>     lies with regulatory arrangements rather than with the design of
>     technologies.
>

I'm not sure I agree with that.

>  1. However, there are cases in which it makes good sense to use
>     technological measures to limit the disclosure of information
>     which might reveal a person’s disability, so as to make the task
>     of ascertaining these facts without the user’s consent more
>     difficult for any party who seeks to do so.
>

+1 and I think we should be looking at what they are. Ultimately there 
are issues of personal integrity and control over your data, an indeed 
over how you choose to, or need to use, various types of technology. 
Maybe we need browsers that inform us with even more levels of detail 
when we are being tracked, sniffed etc? I think browsers hold the key 
for much of this line of defense, look at the great work Mozilla is 
doing for example, with more generic privacy concerns.

There are also more benign aspect, as Janina touched on where if feature 
x is enabled in the browser an application could recognise a users need 
for other accessibility related customisations or features. But it 
should all be with the users consent and somehow reduce the leveraging 
of any blackhat profiling via privacy firewalls or fingerprint spoofers.

Looking forward to further discussion.

Thanks

Josh

>  1. The indicators that may be used to infer disability status (with a
>     high degree of probability) may be different from indicators used
>     to draw other inferences about the user. Hence, they should be
>     identified and considered with a view to establishing appropriate
>     technical controls, where appropriate. On this view, the
>     distinctiveness of the disability-related issue consists in the
>     types of information that are likely to be inadvertently revelatory.
>
> There are additional issues that we didn’t discuss, including security 
> more broadly, and disclosure of individual needs/preferences to 
> applications for the purpose of enhancing accessibility.
>
> *From: *Joshue O Connor <joconnor@w3.org>
> *Date: *Thursday, February 27, 2020 at 06:56
> *To: *RQTF <public-rqtf@w3.org>
> *Subject: *Security, Privacy and Accessibility use cases
>
> Hi all,
>
> Our discussion in RQTF yesterday about security, privacy and
> accessibility has produced some further thoughts.
> Janina makes the point that many of the user needs and requirements for
> security and privacy are generic, and broadly applicable for e'one. I
> agree. There is a point of interest for us here in that there is
> arguably an imperative when it comes to protecting the right of people
> with disabilities online, or those who may be classed as vulnerable.
>
> I think this is where we could lead the charge by further exploring the
> potential impact of fingerprinting and how it relates to profiling
> people with disabilities, if we can come up with ways of ensuring that
> the integrity of the user is maintained throughout for people with
> disabilities, my point is this may lead to interesting benefits for the
> 'ordinary' end user.
>
> I think this is the use case (protecting the integrity of disability
> related user data) - that could catch attention, headlines etc rather
> like the traveling animal one in verifiable claims.
>
> Janina also expressed the interesting nature of these technologies that
> they are neither good or bad - it is how they are used that is
> important. But to paraphrase some other clever guy, neither are they
> neutral.
>
> Thanks
>
> Josh
>
> -- 
> Emerging Web Technology Specialist/Accessibility (WAI/W3C)
>
>
> ------------------------------------------------------------------------
>
> This e-mail and any files transmitted with it may contain privileged 
> or confidential information. It is solely for use by the individual 
> for whom it is intended, even if addressed incorrectly. If you 
> received this e-mail in error, please notify the sender; do not 
> disclose, copy, distribute, or take any action in reliance on the 
> contents of this information; and delete it from your system. Any 
> other use of this e-mail is prohibited.
>
>
> Thank you for your compliance.
>
> ------------------------------------------------------------------------


-- 
Emerging Web Technology Specialist/Accessibility (WAI/W3C)
Received on Thursday, 27 February 2020 14:13:20 UTC