- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 01 Oct 2012 22:27:15 +0200
- To: Alan Chapell <achapell@chapellassociates.com>
- Cc: Mike Zaneis <mike@iab.net>, David Wainberg <david@networkadvertising.org>, Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
Alan, On Monday 01 October 2012 13:52:56 Alan Chapell wrote: > It would be helpful if you and others were able to provide some > more thoughts on the specific harms that you see out there - so > that as industry innovates, we can keep those ideas in mind. Thus > far, I've heard very little on that front. I think we talked about the harms many times already. I'm ready to repeat them. If you really want to understand the issue deeply, there is no way around Beate Rösslers "The Value of Privacy, Polity Press 2005". She mainly concludes that the main reason for privacy is to avoid the forced reduction of autonomy (of decision making and opinion building). There are two high level categories: 1/ Consumer protection Data secretly collected and used to discriminate for optimizations of all sorts. My preferred one is about plane tickets that you select during work-hours. In the evening you negotiate with your wife. She agrees. At 10pm you try to book your flight and it is $30 more. You won't renegotiate the flight with your wife. Now log out, use a different browser and a new profile and the flight is still at its initial price. As a consumer, you want to be able to influence the reaction of the system you are confronted with. You can do either by DNT or blocking tools. I can show you how easy it is. If this is still an issue in 5 years, this may even be more damaging to the industry than DNT ever could be. 2/ Democratic values In confirmation of Godwin's law let me tell you that I think that totalitarianism doesn't need computers. But it makes life easier for them. The concentration of high amounts of personal data in few hands is a risk in the power balance. We've been through that discussion for governments in the seventies. We have governmental privacy laws and FOIA (the EU countries only start slowly to adopt the latter). But the internet has changed things and now massive amounts of personal data are in private hands. Here also go chilling effects ( http://en.wikipedia.org/wiki/Panopticism Foucault is central). Even worse than any possible governmental censorship is the self censoring of the people because they fear to be watched. This is the key assertion of the 1984 decision of the German constitutional court on data self determination. To burn it down to PCMCP, the former Egyptian government would have loved to determine whether an someone is inside Egypt or outside. All the world hailed the Internet for helping the revolution. The help was effective because the above was not easy. So there are real reasons. I tried to collect some of them. My favorite is the dog-shit case. A woman entered a bank with a (rather young) kid on her hand. The kid had dog-shit under the shoe and sullied the carpet. The folks in the bank used the video logs combined with the ATM logs to find the accounting information, real name and address of that woman. They invoiced 110€ for the cleaning of the carpet and took it directly from the identified account. This small misuse may inspire you what you could do if you know the entire search history of a person. Or the entire clickstream of the last 2 years. For the moment, the possible manipulation is used for commercial profit, but we already see the beginning of the use of all this in elections. It is therefore essential that somebody can just indicate to the system not to be recorded. And that the system just does not record, or at least throws away after a very short time. So DNT is just a tiny tool, a little aspect in this overall picture. But it could be a useful tool. Now you may understand that recording the same information for accounting or PCMCP (a pure use limitation that is) is not sufficient for most people. Note that the EU folks can simply ignore this debate as they have laws anyway that prohibits you to collect (retain for Roy) or store that retargeting - information without a right out of consent or out of legal permissions. So this is a debate for the unregulated market. How far does commerce go to save democracy? An interesting question. For the moment it is just the consumer protection dialog we have. And the PCMCP case is good, because it shows that there can be a conflict between 1/ and 2/ above, because of measures for consumer protection that can only be achieved with more control and data collection about consumers. Best, Rigo
Received on Monday, 1 October 2012 20:27:53 UTC