Dear Serge, Seriously, the task of the EC is hardly to think 'out of the box'. (What were you thinking!) It is to politically reach consensus between a fast growing number of countries. Think decades. Case in hand: The Data Directive - The first attempt (1995) HAS succeeded in getting the principles set. - The next attempt (2011, = 16 years later) will try to also get them enforced. In other words: your critique has already been embraced. As for your 'new deal' : Although possibly / partially valid, it cannot be the only game in town. (why would we limit ourselves anyway?) But it surely deviates from any form of consensus process. I wish you good luck. “Taking the individual on board as stakeholder in his own processes” would be the alternative. That said : the EC examples mentioned are a tad more practical than "freeing personal data" Some other remarks: You only talk about data within your reach. However, today 70% of your 'social relevant' (versus 'social network relevant') data sits on average in 2500 databases. (study in the Netherlands) Partially as process residue, partially plain illegal. None of these databases we know of. OK, we know a few. How will your approach actually get to that data? How will you enforce your right2know? Secondly, your suggestion to work through metadata is not exactly new. We all have been doing this for years. See: http://en.wikipedia.org/wiki/Metadata Again, have a ball. We definitely need different approaches and attempts : bottom-up, top-down ànd sideways, there no single answer. That’s' how revolutions are won; And that’s what we're dealing with. Luk Vervenne CEO Synergetics NV/SA Terlinckstraat 75 | 2600 Antwerp | Belgium T(+32)3/239.58.13 | F(+32)3/239.59.88 M(+32)478.64.23.46 | VAT BE 0455.690.261 www.synergetics.be |
--------------------------------------------- Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. The integrity and security of this message cannot be guaranteed on the Internet. -----Oorspronkelijk bericht----- Dear VRM colleagues, I've been following with interest the VRM discussions and I can't help but feel that I'm witness to a conversation between creatures living in a 2 dimensional space trying to explain what "thinking out of the box" is. And the project of regulation designed by the European Commission doesn't even attempt to "think out of the line." It is based on good intentions (e.g. "right to be forgotten" ) and a complete inability to take even the very first step to make it a reality (there is already a regulation relative the right to "rectify" personal data, but the whole system would simply crumble if even a limited number of individuals were seriously trying to enforce it ). We don't need yet another piece of legislation but we ought to equip citizens with the means to put an end to digital slavery. It's not a piece of legislation regulating relationships between digital Masters and digital Slaves that will make the difference. We just want to be free! I will focus my argument on one point: personal data protection. Joe wrote earlier: > In a VRM system... > 1. your data is private > 2. your data is yours > 3. only fourth parties get only temporary access to shares of your > data In the real world 1. your data is shared (even intimate thoughts are shared at some point, sometimes involuntarily --freudian slip) 2. our data is ours (within multilayered circles of trust) 3. unless one makes lobotomy normal practice you can't avoid leakage of personal information beyond circles of trust ("did you know that John did so and so?"), you can't oblige someone to forget something (Fahrenheit 451!). The introduction of technology in the discussion on privacy and identity, far from being conducive to enlightenment is creating a reified vision of identity as a set of attributes isolated from the rest of the world by high and thick privacy walls, controlled by user-defined policies. Moreover, all identity technologies have solely focused on the 'identification *of*', being oblivious to the 'identification *to*' issue. Identity technologies have not been developed in relation to the construction of one's identity but to implement authentication and authorisation processes, and these processes are now the foundation on which we construct our reflection on social interaction on the web (and VRM...). It is the story of the tail wagging the dog. Data, like identity, is social. Any bit of data about myself is necessarily shared with other people and organisations. Starting from that premise, could't we imagine an architecture where all data is public while reinforcing privacy? Wouldn't it be wonderful if VRM services and applications where able to access a whole bunch of data without having to ask for permission, without forcing users to define fine-grained access policies for every bit of data by and about themselves (with XACML? Ontologies?)? It is possible and it isn't rocket science! At first iteration, we don't even need personal data stores nor "policy enforcement points" and all the paraphernalia of identity and access management. The current view of the interaction process in a trusted environment is: 1) store data in a PDS (what prevents a hacker or a crooked admin to access my data in a PDS hosted by a PDS provider?) 2) ask users to define access policies (booooring!) 3) establish complicated protocols to exchange data (requires ID providers that eventually be can hacked just as well) 4) track, audit, punish, reward, etc. The approach I suggest is to fully separate data, metadata and services to eliminate the need for any direct connection between users and service providers. Full anonymity and strong identity can coexist. The process goes like this: 1) I put all my metadata in a public place; when I do so, I receive a handle to read statistics and messages placed in a mailbox associated to that handle. The only person that can make a connection between those metadata and me is me, unless I share the handle with someone else. If by accident I give it to someone I shouldn't have, I simply reset the handle to receive a new one. 2) if a VRM application wants to sell me a product or service based on my medata, they just have to leave a message in a space associated to my handle, and I'll collect it when I want --a daemon process would do that for me. This message is also public and can be harvested by other services --competitors, watchdogs, etc. So, if I made public data on my sexual orientations and practices, I could be discovered by a search engine without fear of being identified. I would know that I've been contacted by using the handle generated at the time of the creation of my profile (this would give a whole new meaning to 'love handles'!). With this simple architecture (akin to a wiki of metadata!), there is no need for identity providers, policy enforcement points, trust protocols. We can build a fully fledge VRM system. It is not perfect, but it could work. Privacy is reinforced by making metadata public! --through disconnecting data, metadata and identification... It would create the conditions for massively, anonymous, meaningful interaction. Of course, I could split my metadata across several spaces and have multiple handles. Some of my handles could even be created by others, like health authorities, employers or vendors. I would be the only one able to make the connection between all those handles. We could even imagine an even finer granularity of handles --and there is no limit to the number of handles: we could create more than there are particles in the universe. In such a system, there is no need for any kind of identity provider. One's identity can be computed in real time based on the aggregation of metadata collected from one's profiles. It is possible to have a strong multiple social identities (identification to) without being identifiable (identification of). One missing element in this simple architecture is the ability to manage trust and reputation. As everything is public and anonymous, how can we make the difference between someone pretending to have a diploma and someone who actually has one ---while remaining 100% anonymous. How can I make the difference between a legitimate business or client? In order to achieve that goal, we could simply use an existing piece of software: it's called a proxy. If every entity interacting on the Internet did so through a proxy of agent (personal or organisational), we could then implement global policies enforcing basic social behaviour, like not spamming: in order to send a message to 1 million proxies, we could have a rule such as the requirement to be in existence for more than 3 years. So if a new bio-engineering company discovers a new molecule and, through metadata harvesting, finds out that there are potentially one million people that could benefit from it, it would not be allowed to send a message to more than 100 (unknown) people and in order to reach the million found (but not identified!), it would have to go through a patient association, a national health service or some trusted service. One person could have multiple proxies, share metadata across them, transfer them one to another, providing individuals the ability to reinvent themselves. In order to prove an employer that one has a diploma through an anonymous 'job finding proxy' (ethnic discrimination is not anecdotal employment practice in France) the proxy of the employer simply checks with the proxy of the University that the statement is genuine -e.g. the university proxy simply checks wether the diploma database contains the ID of the proxy of the applicant, so there is no need to have names. While those agents/proxies would not require any kind of Identity provider to exist (they join "the society of agents," just like a new DNS joins the network of Domain Name Servers), they would have a strong identity: date of creation, social networks, history of activities, etc. It is this 'strong anonymous identity' that would create the base for massively, anonymous, meaningful and trusted interaction. Creating this "society of agents" (that are little more than glorified proxies) on top of a massive "wiki of personal metadata" would add the possibility to indicate the level of trustworthiness of metadata without having to reveal the source, nor the identity of the target: when a piece of data is written in the public space, it is automatically associated with a trust indicator based on who is writing it, so it is not the same if I write that I'm diabetic and when it is a health authority. The two layers (without and with agents/proxies) could co-exist and grow in parallel. But to exist, we need to free our personal data. Why not start today? Cheers Serge On 17 juin 2011, at 09:08, Luk Vervenne wrote: > Joe, > > Sure. Content wise we don’t disagree. > I ment for ‘access control’ (parent) to include ‘usage control’ (child). > But we might as well state that ‘control’ has two subtypes. > > On the other hand the EC data directive talks about “protection & > control” of personal data One could argue that ‘usage control’ refers more to ‘protection’ and ‘access control’ more to ‘control’ > Anyway we need both and the EC data directive had both included since 1995. > > This year the European Commission will propose a review of the 1995 Data Protection Directive (95/46/EC). > This will result in a new general legal framework for the protection and control of personal data adapted to the Internet age, covering data processing operations in all sectors and policies of the EU. > > This legal framework is envisioned to include the following topics: > > 1. Personal data management by users, requiring policy makers to shift their focus > 2. Personal data processing by Social networks must go must go hand in hand with the necessary respect for personal data > 3. Strengthen individuals' rights by giving them a high level of protection and control over their own data and about how and by whom their data is collected and processed > 4. "Right to be forgotten," : the right to have your data fully removed when it is no longer needed for the purposes for which it was collected. (i.e. for deleting profiles on social networking sites the service provider can be relied upon to remove personal data completely). > 5. Users’ right2know > a. how your Internet use is being monitored for the purposes of behavioural advertising. > b. when online retailers use previously viewed web sites as a basis to make product suggestions. > c. how to access, rectify or delete your data. Exercise these rights for free and without constraints. > d. when your personal data has been unlawfully accessed, altered or destroyed by unauthorised persons. (Obligation to notify personal data breaches beyond the currently covered telecommunications sector will be extended to other areas, such as the financial industry) > 6. Data controllers are to implement effective policies to ensure compliance with the EU data protection rules, such as : > a. appointing Data Protection Officers > b. carrying out Privacy Impact Assessments > c. applying a “Privacy by Design” approach > 7. Review of the 2006 Data Retention Directive (2006/24/EC), concerning the type and amount of data necessary for security reasons and whether the length of time that authorities can hold data is appropriate. > 8. Tighten current procedures for international data transfers, including the so-called "adequacy procedure”, which verifies that a third country ensures an "adequate" level of protection of personal data. > > Regards, > > Luk Vervenne > CEO > Synergetics NV/SA > Terlinckstraat 75 | 2600 Antwerp | Belgium > T(+32)3/239.58.13 | F(+32)3/239.59.88 > M(+32)478.64.23.46 | VAT BE 0455.690.261 www.synergetics.be | >
">
> > --------------------------------------------- > Disclaimer: > This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. > The integrity and security of this message cannot be guaranteed on the Internet. > > Van: Joe Andrieu [mailto:
] > Verzonden: vrijdag 17 juni 2011 0:44 > Aan:
> CC: 'Gon Zifroni'; 'Project VRM' > Onderwerp: Re: [projectvrm] VRM tool characteristics > > Luk, > > I've got to say Access Control is insufficient. It's not just about controlling who gets to see your data, it's about what they are allowed to do with it. Note that usage control--within a proper contractual or regulatory framework--also addresses data already out there. > > -j > > Joe Andrieu >
">
> +1 (805) 705-8651 > > On 6/16/2011 2:53 PM, Luk Vervenne wrote: > 1 and 2 can be compressed (without losing meaning) into : you have full access control over you data. > While doing you also avoid using the data ownership issue. You don’t own many of ‘your’ data elements, but you do control who gets to see them. > > > Luk Vervenne > CEO > Synergetics NV/SA > Terlinckstraat 75 | 2600 Antwerp | Belgium > T(+32)3/239.58.13 | F(+32)3/239.59.88 > M(+32)478.64.23.46 | VAT BE 0455.690.261 www.synergetics.be | >
">
> > --------------------------------------------- > Disclaimer: > This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. > The integrity and security of this message cannot be guaranteed on the Internet. > > Van: Gon Zifroni [mailto:
] > Verzonden: donderdag 16 juni 2011 23:19 > Aan: Project VRM > Onderwerp: Re: [projectvrm] VRM tool characteristics > > Devon hi, > > Yes and no, it seems to me like a potential leak. > > Since it is a construction built on trust, if you decide to trust a second (vendor) or third (platform, right?) party with the same privileges as the fourth party then yes, but you clearly entrust it with your data. Even if it is granular typically you'll have repeat interactions (subsequent or at a later time). > > i.e. By trusting the second or third party for that role of managing your identity (who you are) and data (what I do, who I know, where I am, where I go, what I like, what I buy, what I want, etc) you open up to tracking and profiling based on repeat exchanges (not just transactions I believe). > > How did you see it though? I was also thinking of the PGP architecture. > > Gon > > On 16 Jun 2011, at 11:07, Devon Loffreto wrote: > > > > Ill submit an edit: > First part #7 = 4th parties can be first, second and third parties, but can only authenticate one role per transaction. > > Devon Loffreto > > > On Thu, Jun 16, 2011 at 9:18 AM, Gon Zifroni <
">
> wrote: > Hi list, I've been following silently for the last year and took part in IIW 11 last year. > > I'm not sure if I got everything right with the terminology, but from what I can synthesize it seems to me we're talking about a system like so: > > In a VRM system... > 1. your data is private > 2. your data is yours > 3. only fourth parties get only temporary access to shares of your > data 4. third and second parties never get access to your data, the second trusts the third and the third trusts the fourth. > 5. fourth parties of your choosing share your data for you 6. only > fourth parties can be polled on your behalf 7. fourth parties can not > be third parties too > > Let me flesh this out a little bit further: > 1. TOS, your data is your legal private property 2. You are the only > one who has complete access to all of your data. Even if it is in the cloud, you are the only one authorized full access at any given time. > 3. Only fourth parties are allowed to get and index only portions of your data, and you can set for how long that data is retained. > 4. They can index it along with other people's data so they can be queried by third and second parties. The query is not a query for data but a query for matching people. The fourth party only returns to third parties the number of matching people not their identity nor data about them. Second parties can connect with first parties via the current fourth party. > 5. In terms of data storage and indexing it is a federated system like email whereby you can choose your fourth party and have several for different kind of data if you choose for it, jsut like people have several email accounts. > 6. see 4. > 7. Fourth parties cannot make use of your data. > > I'm not sure if this is exactly the logic but I thought, given the Google Wallet discussion (I think it'd be a mistake to let it aggregate, index and know about all of your transactions, see 7), that it is a good moment to zoom in and draft an architecture that by its nature keeps data private while maintining certain level of flexibility and performance. Disclosure: my background is in industrial design and architecture (housing). I moved to SF to start a LBS with a group of engineers. > > I'm sure this can be further compressed into 3 or 4 basic rules that qualify any VRM system. > > Gon > > On 16 Jun 2011, at 03:29, Katherine Warman Kern wrote: > > > > +1 > > Katherine Warman Kern > 203.918.2617 > > On Jun 15, 2011, at 4:36 PM, Doc Searls <
">
> wrote: > > Thanks! > > I had meant #4 to cover that, in the sense that "managing" one's data would include understanding it; but maybe that's not the case. Gotta think about it.... > > Doc > > On Jun 15, 2011, at 3:44 PM, Jamie Smith wrote: > > > > Thanks Doc, this is a great start. > > Would you say that number 4 ('help customers manage') would include tools to analyse your own data? > > Such tools might help you identify your own behavioural or commercial trends (for example by finding patterns in your travel expenses or your weekly shopping), and in doing so would help you better a) express intent (#3) and b) engage (#4). > > I suspect that such VRM tools would not necessarily have to have this characteristic, but if they did, then I'd want it to be a separate and distinct characteristic from 'help customers manage' - perhaps along the lines of: > > 6. VRM tools help customers better understand their own data. This is helping the customer discover and expose new value in their own data sets, on their terms and for their own benefit. > > Keen to hear your views. > > Jamie > > On 15 June 2011 19:07, Doc Searls <
">
> wrote: > @jamiedsmith tweeted a pointer to Alex Bogusky's New Conscious Consumer Bill of Rights... > > https://twitter.com/#!/jamiedsmith/status/80903314803396608 > > http://alexbogusky.posterous.com/the-new-consumer-bill-of-rights > > ... adding "needs more symmetry of power for consumers though". > > Rather than critique or seek to improve Alex's Bill, I thought I'd post something we've needed for awhile: a list of characteristics shared by VRM tools. I did that here: > > http://blogs.law.harvard.edu/vrm/?p=872 > > Here they are: > > VRM tools are personal. As with hammers, wallets and mobile phones, people use them as individuals,. They are social only in secondary ways. > VRM tools help customers express intent. These include preferences, policies, terms and means of engagement, permissions, requests and anything else that’s possible in a free market (i.e. the open marketplace surrounding any one vendor’s silo or walled garden for “managing” captive customers). > VRM tools help customers engage. This can be with each other, or with any organization, including (and especially) its CRM system. > VRM tools help customers manage. This includes both their own data and systems and their relationships with other entities, and their systems. > VRM tools are substitutable. This means no vendor of VRM tools can lock users in. > Suggestions and improvements welcome. > > Doc > > > > > > > > > > Serge Ravet Free our Data Now! Support the Internet of Subjects Manifesto! Join us at ePIC 2011, the 9th International ePortfolio and Identity Conference 11-13 July 2011, London -- www.epforum.eu ---------------------------------------- tel +33 3 8643 1343 mob +33 6 0768 6727 Skype szerge ---------------------------------------- |
Archive powered by MHonArc 2.6.19.