ACTION-650: Review what provenance WG is doing with an eye to application to privacy issues

https://www.w3.org/2001/tag/group/track/actions/650

As I remember, I suggested looking at this to help close a TAG
discussion of privacy that was ending with no clear direction for
further discussion.

What I had in mind was to ask whether the Provenance WG would deliver
specifications that could support accountability workflows of
the kind advocated by TAMI ( http://dig.csail.mit.edu/TAMI/ ).  The
hypothesis behind TAMI is, briefly, that core to any effective
implementation of privacy policy is accountability.  Suppose that some
entity A has access to B's private information, and A makes public
*other* information that has the appearance of potential for violating
some agreed privacy policy.  It would be nice if the burden of proof
of policy adherence were on A, and if A had some way to satisfy such a
burden without violating such policy.

The question asked by this action is, does anything coming from the
provenance WG assist in any way in the management or expression of
such proofs?

Indeed, the TAMI idea was listed among the original provenance XG use
cases:
  http://www.w3.org/2005/Incubator/prov/wiki/Use_Cases
... and documented here:
  http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_private_data_use
... but was not really addressed in any XG output:
  http://www.w3.org/2005/Incubator/prov/XGR-prov-20101214/#Original_Use_Cases

I did a quick scan of the WG's working drafts (as listed here:
 http://www.w3.org/2011/prov/wiki/Main_Page ) and did not find any
evidence that this use case, or even any specific consideration of
privacy or accountability, survived to figure into the WG's goals or
designs.  That is not to say there is no applicability; and I have not
digested the working drafts to the point I could assess that question.

My purpose here is mainly educational. I feel that whenever privacy
comes up in the TAG, we tend to wander off into the relative comfort zone of
security, which is only one part of achieving privacy goals. Where
privacy gets interesting and hard is around the question not of
*access* to data, but of how someone who has access can learn
what uses are permitted (policy communication, see Geolocation
debate), and convince themselves or others that any actual use of the
data conforms to policy. That is not a security question (given
current technology). The state of the art, in fact, is legal (see
Larry's governance work).
TAMI is a research effort to move some of the non-security (i.e.
use policy) aspects back into a technical space, so I think TAG
members should be aware of it.

Set PENDING REVIEW.

Jonathan

Received on Sunday, 23 September 2012 20:49:44 UTC