Re: Are we trying to build a compliance system on poorly-defined core concepts?

Sorry, resending with the links included:

In DC I raised a number of concerns and solutions expressed as
"Alternative 6" [1]. The current F2F has only strengthened my opinion
that a proscriptive compliance framework based upon poorly-defined
core concepts is a bad idea. I am all for small steps toward progress,
and believe that unfettered from over-reaching specification of
compliance to usage permissions and party contexts, the TPE will
establish a useful specification of user agent and server signaling.
But as I heard and commented upon yesterday, the TCS discussion
continues to veer toward proscriptive requirements on Web service
architecture elements and players across the spectrum, without
considering the true complexity of some of its core concepts. These
include the concepts of "user", "user agent", and "identity"
(especially as it relates to "privacy"), for a few.

If we were to consider, for example, that real "users" of
computers/phones/etc are often not the owners of those devices or in
control of the software settings of the device-based user agents, and
that users of multiple devices most likely will not want to have to
manage settings in each device/user-agent [2], and that as services
migrate to the cloud, users will access them from an increasingly
diverse set of devices and network contexts, it becomes clear that the
1-to-1 association of user to device and user-agent to "web browser"
is a severe conceptual limitation. User agents are in fact a more
broadly and truly distributed concept, under which numerous software
and network entities can act on behalf of a user, and in many cases
serve the real user's preferences more accurately and effectively than
a single device or software component can. Thus, as discussed
yesterday, the notion that intermediaries (e.g. proxies, a component
in distributed user agents) should be forbidden from expressing the
true intent of the "user" by modifying or adding DNT header
information is short-sighted and obscures a broad range of
implementation/deployment approaches as it views the problem only
through the narrow lens of browser-controlled preferences.

Similarly, the current focus on "identity", especially as it relates
to the privacy implications of "identifiable" attributes, does not
serve overall privacy goals well. Analyses of approaches to
anonymization (e.g. [4]) show that approaches such as k-anonymity can
provide only a transient/comforting sense that collected data cannot
be associated to an "individual" (meaning here any discrete entity,
not just a user). Thus, rather than chasing permitted uses and
unlinkability down an illusory rabbit-hole, we should focus on user
awareness of and participation in the bargain that they engage in with
every click. Related to the "what are we trying to do" discussion in
DC, promoting user engagement in choosing how they are advertised to
as well as how much information can be retained about their activities
should be our focus for "tracking protection". But that set of goals
is much more complex than can be achieved by the narrow focus on data
collection/retention, permitted uses, and unlinkability in the TCS.
Those may be aspects of potential solutions, but I believe that only
by establishing the broad outlines of tracking protection intent, and
then letting the market bring innovative solutions to those goals, can
we truly achieve progress in tracking protection without massively
disrupting the developing Web economy.

[1] (Alternative 6)
[2] (scalability of UX for DNT preferences management)
[3] (express intent)
[4] ("The End of Anonymity, the Beginning of Privacy")

Received on Friday, 5 October 2012 06:55:16 UTC