Junkbusters

At the Computers, Privacy and Freedom Conference


Who goes there? Privacy in identity and location services


A panel at CFP 2002

The panel ran at the Computers, Freedom and Privacy Conference 2002 on Thursday April 18 in San Francisco. Audio tapes are available.

Many electronic and mobile commerce systems collect and transfer information about user identity and location. Are single-sign-on systems for Web users such as Microsoft's Passport, AOL's Magic Carpet and Sun's Liberty Alliance Project desirable conveniences, or unacceptable threats to privacy, or both? Is the logging and retention of cellphone users' travels across mobile telephony cells acceptable? Are the information practices of the multiple organizations handling the information fair? Are the systems secure? What impact will these services have on anonymity of movement?


Infomediaries and negotiated privacy techniques


A panel at CFP 2000

The panel took place on Thursday April 6 at 2:15pm at CFP 2000 in Toronto.

Participants

The following people have accepted invitations to participate.

  1. Alexander Dix, Commissioner for Data Protection and Access, Brandenburg, Germany
  2. Jason Catlett, President, Junkbusters Corp. (moderator)
  3. Ray Everett-Church, Chief Privacy Officer, AllAdvantage.com
  4. Beth Givens, Director, Privacy Rights Clearinghouse
  5. Steve Lucas, Chief Information Officer, Privaseek
  6. Paul Perry, Program Manager, Microsoft Corp.

Description

If data privacy is information self-determination, what is the future role of technology and corporations in assisting individuals to articulate their determinations? One fashionable business model is the "infomediary," a company that acts as a data-broker on behalf of consumers, monetizing permission to use personal information. The best-known "negotiated privacy" technology, the Platform for Privacy Preferences (P3P), aims to provide automated matching of privacy "terms" for online interactions. Are these developments what people want? Will they protect privacy? Might they make laws unnecessary, or are new laws actually needed to make them work? What does recent experience suggest for the future?

The bestselling 1999 business book Net Worth: Shaping Markets When Customers Make the Rules by John Hagel and Marc Singer defines infomediaries as ``brokers or intermediaries that help customers maximize the value of the data.'' This expands on a 1996 paper in Harvard Business Review. The book's prediction of a multibillion-dollar industry has prompted considerable momentum to implement the idea. Several startups have announced their entry into the ``infomediary'' space, including Privaseek, Lumeria, Popular Demand, Enonymous and PrivacyBank. Novell's digitalme and Microsoft's Passport have aspects relating to the infomediary task. A host of other startups perform related functions of distributing and aggregating personal information.

P3P, the Platform for Privacy Preferences, is a project of the World Wide Web Consortium exploring (among other things) how to exchange summaries of information practices in a decentralized and global medium.

What is the concept of an infomediary as described by Hagel? How likely is his vision of a multibillion-dollar industry? What is the current status of infomediary players? Can permission to use personal data become a commodity that can be brokered on standardized terms? Exactly how would this work? Are infomediaries good for privacy? Good for e-commerce? How much do consumers stand to benefit? What risks does it pose to individuals?

How do infomediaries relate to negotiated privacy technologies such as P3P? What are the goals of P3P? What is the development status of P3P? What hurdles is P3P facing? How will it meet its goals? What effect will P3P have on privacy? What is the relationship between negotiated privacy techniques and legislative or regulatory approaches to privacy? How do infomediaries and P3P relate to the idea of propertizing privacy rights?

Media coverage and followup

A report in Interactive Week April 17, 2000 discussed the panel, including the following comment from the Direct Marketing Association:

"Does P3P help those people who are concerned about privacy address those issues online?" asked Stephen Altobelli, director of public affairs at the New York-based organization. "The answer is yes. There is no question that the DMA supports industry self-regulation, and P3P is part of that industry self-regulation. To the extent that it works and people use it, we think that it demonstrates that there is not a need for overly invasive government intervention."

Junkbusters President Jason Catlett later commented ``The extent that P3P works and people use it is exactly zero right now. Will a non-existent product help concerned people? No. The DMA seems to have a very low opinion of the American public. The DMA seems willing to use any excuse, even non-existent products, in its opposition to stop legal protections of privacy.''

At the conference the industry-funded lobbying group Center for Democracy and Technology and others produced a paper titled P3P and Privacy: An Update for the Privacy Community.

More media coverage: Interactive Week; USA Today; AP.

Other articles: Web Review on P3P: Promises Promises Promises.



Privacy and Profiling: a panel at CFP '99


Participants

The following people participated as panelists.

  1. Andrew Braunberg, Data Mining News
  2. Mark Budnitz, Georgia State University
  3. Jason Catlett (moderator), Junkbusters
  4. Walter Effross, American University [Paper]
  5. Stephen Kroll, FinCEN
  6. Steve Lucas, Privaseek
  7. Latanya Sweeney, Carnegie Mellon University (LIDAP, the Laboratory for International Data Privacy)

Definition of the terms ``Privacy'' and ``Profiling''

We will consider the term privacy under at least three common definitions.

  1. (1924, Brandeis): ``The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man's spiritual nature, of his feelings and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred as against the Government, the right to be let alone -- the most comprehensive of rights and the right most valued by civilized men''
  2. (1967, Westin): ``the claim of individuals... to determine for themselves when, how, and to what extent information about them is communicated to others''
  3. (1980, OECD): Fair Information Practices comprising the following eight principles:
    1. Collection Limitation
    2. Data Quality
    3. Purpose Specification
    4. Use Limitation
    5. Security Safeguards
    6. Openness
    7. Individual Participation
    8. Accountability

We will consider the term profile under at least three definitions.

  1. ``a set of data... portraying the significant features of something'' (Webster's)
  2. ``a concise biographical sketch'' (Webster's)
  3. ``an assemblage of data from a variety of sources, associated with an individual who is usually identified personally, usually as one record of many similar such records in a large database'' (Catlett)

What profiles exist? What are the risks to privacy and the remedies?

The panelists will discuss profiles in at least the following areas.

  1. Medical
  2. Financial
  3. Marketing
  4. Law Enforcement

Some of the following questions will be asked.

  1. How widespread is profiling?
  2. How detailed are these profiles?
  3. What kind of information do they contain?
  4. How are they built? What data sources are combined to assemble them?
  5. What are the intended uses of the profiles?
  6. Who uses these profiles, and to what extent are they available to others? entities involved in the creation or use of profiles? (e.g. ``Know Your Customer'')
  7. What benefits does profiling bring, and to whom?
  8. What unintended uses are made of these profiles?
    1. subpoena by investigators or litigants
    2. inappropriate disclosure (accident or hacking)
  9. What risks does profiling bring, and to whom?
  10. To what extent can the parties at risk mitigate their potential loss?
  11. To what extent is privacy protected in these profiles?
  12. To what extent do the controllers of these profiles attempt to and succeed in comporting with Fair Information Practices?
  13. What measures can and should be used to reduce harms and protect privacy, and how effective will they be?
    1. Existing laws
    2. Self-regulation
    3. New laws
    4. Action by data subjects

What is the role of persistent identifiers in these profiles?

Persistent identifiers are often used to collect information and attribute it by inference to an individual. Identifiers are also often used as a key or index into databases, permitting efficient access to records. The following identifiers will be discussed.

  1. CODEX (Name plus date of birth)
  2. SSN (Social Security Number)
  3. Internet ``Cookies,'' including ``anonymous profiles'' from Engage Technologies, Matchlogic and other ad networks
  4. Microsoft's GUID (Global User Identifier)
  5. Intel's PSN (Processor Serial Number)

What of anonymity and pseudonymity?

One approach to preserving privacy is to make transactions and data more anonymous or pseudonymous. This raises several questions.

  1. When personally identifying information is stripped from a large data set prior to disclosure, to what extent can it be subsequently inferred by others, by triangulation with other datasets? How effective and widespread are methods for statistical disclosure control that attempt to thwart such reverse engineering?
  2. How widely is aggregated information from profiles propagated, and does triangulation pose a privacy risk?
  3. To what extent do existing laws and policies such as FIPs and the EU Data Protection Directive cover information practices based on persistent identifiers that may accumulate large amounts of data before becoming attributed to an individual? What if this attribution is made with a limited degree of statistical confidence?



Other material



  1. Roger Clarke's conference notes from 1999 and 2000


Copyright © 1996-2005 Guidescope Inc ®. Copying and distribution permitted under the GNU General Public License. 2005/01/15 http://www.junkbusters.com/cfp.html