RE: Privacy implications of automatic alternative selection (Re: Acessibility of <audio> and <video>)

Abstract: this is a reflection, not a suggestion, recommendation or complaint.
Having the issues of privacy and accessibility raised in close juxtapostion to one another made me ponder for a moment, the ethical depth of our web technologies and of the specs which glue them together. Ethics and law occasionally intersect, which is always a bit of delightful serendipity for the humans who actually inhabit our partially regulated world.
Ethical issues to date seem to have had a relatively brief analysis in our discussions since March 2007: patent issues that members of the HTML WG have to abide by; issues of accessibility; occasional social gaffs, affronts to courtesy, and violations of WG protocol; and of course the great founding aphorisms of engagement: the "design principles" that some of us actually seemed to understand*. 
But, it isn't quite clear what it is we all sat down to accomplish in this endeavor. Yes there is a charter, but a charter is more like a set of constraints on the vision we might construct, than it is a shared purpose. Those among us who are seasoned in the ways of building browsers or of writing specs have approached the topics of discussion with a different vocabulary, a system of secret handshakes, and a rich communal sense of how, where and why. Hence, perhaps, calls for elucidation of the group's shared vision were seen as superfluous. Within those communities, such fundamental groundwork probably is superfluous.
But for the authors' community, or the end-users' community, or to professional vagabonds like myself, the notion that we might somehow build this spaceship and then worry later about where it is going, seems a bit peculiar. 
Suppose we were to define our shared objective as maximizing human communication while minimizing the propogation of mis-communication ... or .... suppose we were to say the goal is to allow maximum cross-platform interoperability for a maximum of webpages constructed over the interval (2007 - k to 2007 + n) ... or ... that the goal is to simplify the task of making web applications that run consistently across browsers... or ... a dozen other formulations of varying complexity, emphasis and scope. All of these formulations, these simple "visions" bring with them implicit ethical assumptions about what is ultimately desired.
When the concept of privacy is laid upon the table, it seems so remarkably different than the others that it gave me pause. Does this group have any interest, or responsibility in beginning to address such an issue? What does the UN charter on basic human rights have to say on the subject? Which of the basic human rights agreed upon by the UN actually impinge upon our work? I don't really know. I haven't thought about it before. But maybe I should have.
I am thinking, for example, the following:  User U launches browser X (certified under standard W) to connect to webmail service Y for the first time.  A shrinkwrap aggreement, from Y,  is clicked through by U, giving Y the right to embed web beacons in U's outbound email. Does U know they've agreed to this? Does X know that Y is doing that and that U probably doesn't? Does W have any obligation to ask X, in such a situation to notify U that
"service Y is asking your permission to embed web beacons in your outbound email. This will give Y the permission to sell information about your friend's e-mail address, IP address, e-mail reading habits, and other possibly copyrightable behavioral byproducts to third parties P which may be located in countries known to harrass people for engaging in certain behaviors, which your friends may or may not engage in. This also raises the possibility of legal exposure to company Y for infringing on your friends' copyrights on behavioral byproducts that could, in certain courts of law, prove economically damaging to Y. Do you wish to proceed? (large smily face)"
Well, this may be a bit of hyperbole, but would I not be out of character for not including a healthy dose of hyperbole? Would I not be remiss for failing to point out such an outlandish possibilty? Would any browser be remiss for not considering such ethical dilemmas? Would any standard be remiss for not encouraging implementers to make good choices?
Enough for now.... time to get back to work.
* Some will be quick to point out that I was not among those so gifted.


From: on behalf of Dave Singer
Sent: Thu 9/11/2008 6:52 PM
To: Henri Sivonen; HTML WG
Subject: Re: Privacy implications of automatic alternative selection (Re: Acessibility of <audio> and <video>)

Whenever you interact with a server, there are privacy implications.
What pages do you see?  What computer do you use?  Do you have
open-source software installed?  What time of the night are you
online?  Where from?

I don't think this is any worse, qualitatively;  nor does 'wanting an
accessibility adaptation' really say very much about me.  I might be
cooking and want audio description of video, or watching in a dorm
with the sound muted and need captions, or, or...

I think we should do the analysis once we're done, but I don't think
it should be a top concern as we develop our needs and solutions.

At 20:38  +0300 11/09/08, Henri Sivonen wrote:
>The privacy implications of using media queries came up on the
>telecon. (The tacit assumption was that revealing that one has a
>given disability is a privacy-sensitive matter.)
>The choice of alternative media streams gives the content provider
>information that correlates with the user's disabilities (unless all
>alternatives were downloaded so that the content provider couldn't
>tell with alternative was actually consumed).
>If the user has to select from alternatives, the information about
>the choice is leaked to the content provider at that point.
>Media queries (or any other automatic selection mechanism), on the
>other hand, would allow content providers to probe the user's
>disability-correlated settings when the user visits a page without
>taking specific further action on the page.
>Henri Sivonen

David Singer

Received on Friday, 12 September 2008 01:28:26 UTC