Text archives Help


Re: [projectvrm] Transparency: Watching and Watchers


Chronological Thread 
  • From: James Pasquale < >
  • To: Adrian Gropper < >
  • Cc: Luk Vervenne < >, Guy Higgins < >, Jason Wong < >, David Brin < >, Colin Wallis < >, Doc Searls < >, Edwin Lee < >, John Wunderlich < >, ProjectVRM list < >, Tom Crowl < >
  • Subject: Re: [projectvrm] Transparency: Watching and Watchers
  • Date: Sun, 1 Jan 2017 11:02:03 -0500
+1 Adrian, couldn’t agree more


On Dec 30, 2016, at 1:15 PM, Adrian Gropper < " class=""> > wrote:

Luk is describing privacy engineering of the transactions among people and among business. Privacy engineering, to the extent the term is actually used, typically applies to a single institution. The best example I've run across is Apple presenting a course at WWDC16 http://devstreaming.apple.com/videos/wwdc/2016/709tvxadw201avg5v7n/709/709_engineering_privacy_for_your_users.pdf

The issue for VRM (and Kantara) is to help develop privacy engineering across multiple and unrelated institutions including SMEs and global corps. To achieve the new norm Luk calls for we would need to combine privacy engineering with standards development to a much larger extent than I currently see.

Standards are the domain of global corporations and intermediaries. SMEs, professional organizations, and citizens don't pay or play much of a role. It's been hard to introduce privacy engineering across standards. IDESG has been trying to do that for about 5 years with absolutely no visible outcome. NIST has been diddling around the edges of the issue. IIW is a significant effort toward privacy engineering but it's not organized to produce a consensus on anything. 

The only place I've seen so far that is taking privacy engineering toward a rough consensus and running code is Rebooting Web of Trust http://www.weboftrust.info/ 

Adrian



On Fri, Dec 30, 2016 at 12:18 PM, Luk Vervenne < " target="_blank" class=""> > wrote:
Dear all


All this is very true, but ...let’s focus back on privacy & personal data.

Here is a concept….

I see two motivations for privacy:
- One of the (slow) benefits of the Internet is  the emancipation of the individual.
- Seperately, due to data breaches, European organisations are now being enforced to accept the user's privacy.

In order to make this really work we need to solve the individual-organisation tension in both directions, hereby creating a more symmetric business.
Not in the least since, in an user-centric world, this is anyway to become the new norm. (read: no alternatives)

As such, the GDPR should NOT be seen as a correction of corporate thinking, but a rebooting of the relationshop that:
1. solves the individual’s privacy issues, meaning that the transparency is a needed ‘enforcement’ element), and... 
2. demonstrate to organisations that they don’t NEED identity disclosure upfront. This is the old norm. 

Symmetric business works in two directions

1. Firstly organisaitons (all of them) need to FINALLY accept that identity disclosure comes - at best - at the end of a transactional or analytics proces, ...IF EVER!
- Upfront identity disclosure is replaced by identifying individuals using a fully, persistent, pairwise pseudonyms when SSO logging into ecosystems (= a different pseudonym for every WS or organisation!).
- fully in the sense that eacj Web Service or Website gets another paiwise pseudonym
- persistent in the sense that users are recognized over session by the persitency of the pseudonyms 
- pairwise since the pseudonyms are generated between the user en the WS or Website
- This can be done by a techno-legal-contractual ecosystem framework, which enforces - by default - an obligation servvice for end-user policies and maintains the pseudonymisaiton ecosystem-wide.
(we know consent receipts, but what about a complete audit framework using for instance sticky polcies and xacml language, so its use is deeper and more relevant …)

That's the individal side

2. For organisations, this also means that individuals are now equiped & ready to volunteer in sharing more (pseudonomised) data 
- transactions still are limited by data monimisaiton
- so the focus is actually towards a democratisaon of analytics
- We want SME’s en shops to do analytics or capture intent, as well. Not just the big guys (In europe 99% of companies IS an SME)
- Analytics-as-Service (next to the cloud-PDS becomes an option.

3. The interesting Profiles found  are then turned into offerings to need to be send to …pseudonyms. They can still find the user using an ecosystem de-pseudonymisation service. 

4. The indvidual then is either open of closed to offerings. This needs to be configured in a way that is also promotes intent casting

5. Identity disclousre then remains a prerogative of the user. He might disclose his idenitty if needed, but for businesses it has become (far) less interesting. 

All of this is done with full transaction / analytical transparency. 



Happy year’s end, …


Luk




I agree, very strongly, with Jason.  

Regarding transparency, it seems to me that there should be a spectrum of transparency:
  • Individuals should not sacrifice privacy for transparency in their legal activities (and won’t in their illegal ones)
  • Private sector organizations need to be transparent in their dealings with individuals, but organizations also have a right to maintain a certain level of privacy.  The protection of intellectual property is, I will boldly assert, within that right.  When every one owns everything (radical transparency), no on owns anything (except of course, the vlasti) and we have seen and can now see where that leads.  This is not a condemnation of open source efforts – but those will only be effective as long as they are voluntary.
  • Public sector organizations need to be painfully transparent, with the exception of certain information, the release of which would actually damage the safety and security of the people.  This is a very difficult category, and one that has been abused for all sorts of reasons.  The Soviets classified telephone directories and maps because they could be used by foreign enemies.  That is, at least in my mind, absurd.  Similarly, the criteria by which the IRS determines tax-exempt status should be completely public and their adherence to it should be completely transparent.  On the other hand, even the top-level information about Operation Overlord in WWII needed desperately to be guarded — total opacity and a “body guard of lies.”
The problem is not defining the spectrum — even I can do that.  The problem is determining the social and legal mechanisms that make that transparency rewarding.

Guy


From: Jason Wong < " target="_blank" class=""> >
Date: Thursday, December 29, 2016 at 22:26
To: Adrian Gropper < " target="_blank" class=""> >, David Brin < " target="_blank" class=""> >
Cc: Colin Wallis < " target="_blank" class=""> >, Doc Searls < " target="_blank" class=""> >, Edwin Lee < " target="_blank" class=""> >, John Wunderlich < " target="_blank" class=""> >, ProjectVRM list < " target="_blank" class=""> .harvard.edu>, Tom Crowl < " target="_blank" class=""> >
Subject: Re: [projectvrm] Transparency: Watching and Watchers

David,

With radical transparency, everyone's thoughts and actions are arbitrarily known, naturally leading to the manipulation of people and the loss of heterogeneous creativity. 

I've recently come back from Milan, Paris, and Prague where it was obvious from every dark confessional how much privacy, and loss of choice, individuals experienced throughout history. It was our founding fathers, through Jefferson's ideas about religious freedom, that finally allowed people to have complete privacy of their thoughts and beliefs- which led to the innovation and creativity of this great country.  

Do you really think the radical transparency that is mandate in some Muslim countries leads to creativity and innovation?  Is that the radical transparency that is desired?  Does not privacy come first? Indeed, the whole basis of the empowerment of women came from the idea of privacy in the bedroom, which ed to women's reproductive rights, human empowerment, individual choice- and then radical creativity.

Jason Wong asks: "I fear radical transparency without choice (privacy) leads to a reduction of the spirit of innovation and creativity that has sustained humanity's ascendance in this Universe."

To which I have to ask, to which era do you refer? Because "the spirit of innovation and creativity" was routinely, relentlessly and nearly always crushed - fiercely - in almost every human culture other than our own. There were a few slight exceptions, Athens, Florence, Venice... but even those were marginal.

The spirit of innovation and creativity that you extoll was always an ember within us, but as I point out here: http://evonomics.com/david-brin-ultimate-answer-government-useless/
it only became a roaring and reliable source of light in the last maybe 8 generations.



And the one thing that empowered the spirit of innovation and creativity has been freedom from oppression by kings, priests, lords and oligarchs. That, in turn, only happened because citizens and average and creative people have been empowered to resist domineering forces.  And the only thing that empowered them was reciprocal accountability...

...which history shows only happens with transparency.

Indeed, that was the magic ingredient that gave us... privacy.











--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/


Archive powered by MHonArc 2.6.19.

§