lift privacy talk
TRANSCRIPT
-
8/9/2019 LIFT Privacy Talk
1/11
Privacy Revisited - Protect and Project
LIFT France 10
7th July 2010 Marseilles
This is the text of my talk, the presentation slides can be found
in a separate file on Scribd.
Introduction
Privacy is not a configuration of settings, it has little to do with
privacy policies that you find on websites. It's my own policy
that governs my behaviour. Privacy is certainly not dead, it is essential to my autonomy and identity.
I'll be talking about the Mine! and VRM - a couple of projects
that take the view that privacy starts from the individual user,
not a platform or a web service. They are both based on the
need for users online to be the point of integration for their data
and its sharing. Privacy is 'protected' and 'projected' through a 'user-driven' design as well as through UX/UI.
As an individual interacting with others I am the best judge of
my privacy requirements. When I talk to my friends I know what
to tell them and what not to share. If I mess up, I suffer the
consequences and learn not to gossip with those who betray
confidences.
Beyond my immediate social circles and when money or
reputation is at stake, I need to understand the consequences
of sharing information so I can manage my privacy. But if my
privacy is not up to me to manage, there can be no demand for
such knowledge to be available. As a result many people have
no idea about how their data is used and abused.
The best privacy settings are in my head. At the moment, I
have little ability to execute my privacy policy. Why assume
that such ability has to come from the legal world and why not
start building tools that help individuals manage their data and
help them to determine their privacy behaviour themselves?
*[Privacy regression
Privacy is under threat because our autonomy online is under
threat.
From a technical perspective, the regression of privacy can be
associated with the rise of platforms - platforms own your data, your interactions and ultimately your ability to share or withhold
that data. That goes to the very heart of privacy.
From a commercial perspective, anything that helps others
influence your behaviour and decisions is of value - your data
reflecting your preferences & choices is a perfect means of
doing that. So getting access or ownership over that data is valuable.
From a practical perspective, anything that makes my life easier,
convenient is preferred by the user, no matter how much the
tool or application deprives the user of autonomy or has
undesirable long-term consequences. From potential loss of
data and archives, to downtime and narrowing of functionality
and other limitations such as censorship. ]
Behaviour and ownership
There are two levels on which privacy needs to be considered:
behavioural i.e. sharing
ownership, access or control of your data (meta-data, logs etc)
a) what can YOU do with your data
b) what can OTHERS do with your data
They are intrinsically linked and I'd argue you can't have the
first without the second. I'd also argue that people tend to think
of one or the other, depending whether they are coming from the client or the server side...
Why does the second point matter as much as, if not more than,
the first? Because privacy is not the one secret I don't want
revealed. The problem is all the stuff that I create in my online
existence - the data dandruff of life, which is not secret in any
way but which aggregates to stuff that we don't want anybody
to know. It also aggregates to predictive models about us that we would be very creeped out could exist at all.
So what is to be done?
There is much wailing and gnashing of teeth over Facebook's
encroachment on users' privacy. This goes for most platforms,
web services and applications but Facebook is the poster whipping boy for this one, to mix metaphors. And for good
reasons.
And yet, their user base does not diminish. FB does something
useful for people and until better and freer and more privacy
alternatives exist it will continue to grow.
But privacy matters and unless we have autonomy, i.e. freedom to pursue it, it will be elusive.
Privacy remains an issue with such web services and platforms
- as long as I have to depend on a third party to protect my
privacy, it will be exposed by accident or incompetence, force
by authorities or abuse - marketing and advertising.
*[More than binary choice
Privacy has become a binary choice, often regarded as a more
or less acceptable trade-off that 'consumers' are only too willing
to make in return for some benefits to them.
I tend to think it is an issue of choice. If there is no meaningful
choice and people feel this, they might just as well forgo a bit of
privacy in exchange for what appears tangible benefit to them -
a discount, a better deal etc, but as tools arise to help people to
take charge of their own data, their mindset will shift too.
So on the practical level online privacy is about creating tools
that help the individual to control access to data to the point where he/she decides directly who gets to see what, without
reliance upon a third party or an intermediary.]
*[Privacy tolerance
People's tolerance for privacy violations will decrease, just as
our tolerance for lack of connectivity or quality is dropping;
these are different issues but the same behaviour pattern. For now, we are used to our data not being 'respected' - that the
choice we have with regard to our privacy is only a binary
choice: either you play and give up your data or you don't and
exist in splendid isolation. The latter is not a way to benefit
from the web, whether it comes to social networking or
shopping.
People do care about privacy and examples of how easily they give up their data in exchange for trinkets are not convincing.
So until people feel that they have a real choice such skewed
behaviour is not illogical.]
*[Privacy settings are not social
At the moment I don't drive "who gets to see what" beyond
simple decisions about who is in and who is out. Social interactions and relationships are far more granular than social
networks allow them to be. Usually, this is seen as a privacy
issue and leads to complicated access management, e.g.
Facebook privacy settings.
Privacy is merely the other side of the coin of complexity in
human relationships. My privacy settings are inherent in my
behaviour. My privacy policy should not be embedded in any
software. Software privacy settings limit my ability to be truly
social i.e. capable of maintaining complex relationships and
interactions with others, arguably the purpose of such tools.
Truly social software needs to satisfy both requirements of online life - to allow its users to organise their data according to
their needs, and to support people's relationships as defined by
themselves.]
*[Privacy as policy for behaviour
Privacy may be a policy of the individual, but not in a sense of a
privacy policy for the individual chosen from a given selection in (say) the style of "Creative Commons".
There is a huge difference: for instance, I have a policy about
who I let into my house. I don't need to display it on my doors
or attach it to my address or business cards. It is far more
convenient and flexible for me to decide there and then, when
someone's knocking at the door. It is my implicit privacy policy
that kicks in. Sure, I don't want junk mail or door-to-door salesmen but just because I can display notices to that effect,
doesn't mean that is the way to deal with the rest of the
humankind. Online privacy is about creating tools that help the
individual to control access to data to the point where he/she
decides practically and directly who gets to see what - without
reliance upon a third party or intermediary.]
Building privacy systems, instead of letting people implement
their own privacy 'policies', makes privacy an awkward bolt-on
when it should be natural and integral to our behaviour. The
more people who learn what "privacy" means and understand
its merits and the price of its abuse, the better policies they can devise for themselves...
Bazaar: conversations, relationships and transactions
Yes, markets are conversations - as the Cluetrain Manifesto
states, but they are also relationships and transactions - as the
anniversary edition of Cluetrain adds.
Imagine a marketplace - a bazaar, souk, your local stall market - you can talk to the stall holders, the sellers about their
product, you see the person, not the company first. If you
frequent the market, you might even recognise the seller and
develop more continuous conversations i.e. relationship. And
occasionally you buy something, i.e. transact. These
components of market exchange are not evenly distributed but
they are all part of a balanced commerce. In theory.
Alas, the modern commerce is all about transactions.
Advertising and marketing are not conversations, CRM is not
relationships.
The social web at least has brought some changes about...
I have far more conversations than I have relationships - already true.
The number of transactions is smaller than the number of
relationships, in other words, not all relationships lead to
transactions - at the moment, my transactions are not a
result of conversations and relationships with vendors.
Conversations and relationships are sound foundations for
transactions - already my conversations and relationships with friends and contacts are increasingly affecting my
decisions about who to transact with but still a long way to
go.
It's not all about vendors; the conversations and relationships
are with my friends and contacts - vendors need to become part of my network in order to improve
transactions.
When it comes to transactions we have little to almost no ability
to influence it. Offline you go to a shop, you buy a product and
you pay for it at the till. Online, you go to a site, you jump through
various hoops to buy a product. We have a long way to go to
redress the current balance of power between vendors and customers.
Customer-vendor see-saw
Customers and vendors are in a locked see-saw with one side
hugely outweighing the other. Like with a real world see-saw in
such position, the fun is spoiled for both.
VRM is about providing customers with tools that make them
both independent actors in the marketplace and better
equipped to engage with vendors.
This is not possible when all the tools of engagement are
provided by suppliers, and all those tools are different.
VRM Principles
Relationships are voluntary.
Customers are born free and independent of vendors.
Customers control their own data. They can share data
selectively and control the terms of its use.
Customers are points of integration and origination for their own
data.
Customers can assert their own terms of engagement and service.
Customers are free to express their demands and intentions
outside any company's control.
Free customers are more valuable than captive ones.
All these can be bridged by the last principle - VRM is based
on the belief that free customers are more valuable than
captive ones - to themselves, to vendors, and to the larger
economy.
Balance of power
By giving individuals tools to redress the balance of power, the
pressure from customers should help level the playing field. Independence from vendors, platforms or anyone who would
like to benefit from your data without permission will be key.
One of the ways is to help people to become the point of
integration of their data - that will serve as a springboard for
their ability to manage, analyse and mine it in ways that's
currently not possible.
Types of personal data
Speaking of data and personal data in particular, it ain't what it
used to be... There are now several kinds of personal data:
date of birth, address, phone number, passport number, social
security number, mother's maiden name, etc.
This kind of personal data is mostly static, your address or phone number can change from time to time, and although it is
possible to change your name, the date of birth or your
mother's maiden name is unchangeable. This is the *last* kind
of information I would share online, usually if it is required for a
transaction, and even then I think twice.
Then there is the kind of personal data that came with the web, is the 'data pertaining to a person' - created, collected and
shared by a person. This data is dynamic, at any time only a
snapshot of the person and the more data can be created and
captured, the more granular and valuable it can become.
On the web such flows of data often act as a proxy for a
relationship. People subscribing to my blog, Friendfeed, Twitter,
Facebook updates etc. perceive such data as personal, as in
related to my person and yet, its existence revolves around
sharing it with others. As a result, we have few means of
harnessing the dynamic data i.e. making it work for us further,
though we have many ways of generating and communicating
it.
Another type is data that others collect or have about me,
whether or not I have access to it myself. Click stream, meta-
data, logs etc. The 'end user' is often not aware of the existence of
such data, let alone allowed to control or manage them.
Fractured online existence
On the social web, the number of third-party defined spaces
designed to contain bits of my data - photos, content,
relationships, transactions, purchase history, locations,
knowledge, privacy requirements - grows by the week.
They allow me to create stuff and share it with others online.
This is all good and empowering. But over time, my fractured
existence across various platforms becomes evident. Currently, I lack the means to perform three simple functions -
capture, manipulate and share my data on the web before and
above anyone else and on my own terms.
Personal data vision - my data in my hands
I want a place where my data lives in its raw unrefined form and
is under my control so I can apply functionality that helps me do what I want.
Another reason for privacy is the ability to analyse your own data,
in ways that nobody else can, adding value to the data sets
only I can - context, understanding, direct knowledge etc
There is value even before sharing, getting to know my own
behavioural patterns, verifying or disproving my impressions (I
really do drink more than I thought), countering the cognitive
biases the human mind is so easy to adopt (it always rains in
London but actually the records tell otherwise).
For example, I'd like to be able to learn from all the data and purchase history I have on Amazon, in a place that I can call
my own. I'd like to mine or analyse it myself. Combine it with
my reading habits, travels (to make sure I have reading
material for those long airport waits), with my calendar for
people's birthdays to buy them a book, with my notes on
vendors i.e. Amazon's payment and delivery practices, my
purchase history, my opinion about their prices, publishing trends and then share that with my friends as I see fit.
The Mine! Project
Mine! strives to be user-driven and to see how much privacy
awareness and user 'policy' can be done through UX/UI, which
need to be immediate, intuitive and actionable. This means that
the user has to see, understand and be able to act on the implications of his or her actions on sharing and disclosure.
Mine! can handle granular to obsessively detailed control over
sharing of data.
[It has to allow for certain messiness in 'ontologies' - the only
ontology that made sense is the one created by the user. Tag
taxonomies are not ideal but all the others are an imposition. In other words, Mine! allows you to release your inner librarian
or OCD geek for your own data organisation or just enjoy more
specific sharing with others.
Mine! also tries to increase privacy awareness by providing and displaying various data that inform the user about what's
happening to their data/objects they create and share, namely
meta-data and access logs (slides 17-20).]
We are always looking for people to join the project, whether as
coders, UI experts or users who don't mind a bit of a rough ride
in the early days.
~
For more information about VRM or the Mine! project see
www.themineproject.org and/or contact Adriana Lukas:
adriana dot lukas at gmail dot com
___________________
*text between square brackets [ xx ] was not included in my
LIFT presentation but is part of my talks on privacy