lift privacy talk

Upload: adriana-lukas

Post on 30-May-2018

  • 8/9/2019 LIFT Privacy Talk

    Privacy Revisited - Protect and Project

    LIFT France 10

    7th July 2010 Marseilles

    This is the text of my talk, the presentation slides can be found

    in a separate file on scribed.

    Introduction

    Privacy is not a configuration of settings, it has little to do with

    privacy policies that you find on websites. It's my own policy

    that governs my behaviour. Privacy is certainly not dead, it is essential to my autonomy and identity.

    I'll be talking about the Mine! and VRM - a couple of projects

    that take the view that privacy starts from the individual user,

    not a platform or a web service. They are both based on the

    need for users online to be the point of integration for their data

    and its sharing. Privacy is 'protected' and 'projected' through a 'user-driven' design as well as through UX/UI.

    As an individual interacting with others I am the best judge of

    my privacy requirements. When I talk to my friends I know what

    to tell them and what not to share. If I mess up, I suffer the

    consequences and learn not to gossip with those who betray

    confidences.

    Beyond my immediate social circles and when money or

    reputation is at stake, I need to understand the consequences

    of sharing information so I can manage my privacy. But if my

    privacy is not up to me to manage, there can be no demand for

    such knowledge to be available. As a result many people have

    no idea about how their data is used and abused.

    The best privacy settings are in my head. At the moment, I

    have little ability to execute my privacy policy. Why assume

    that such ability has to come from the legal world and why not

    start building tools that help individuals manage their data and

    help them to determine their privacy behaviour themselves?

    *[Privacy regression

    Privacy is under threat because our autonomy online is under

    threat.

    From a technical perspective, the regression of privacy can be

    associated with the rise of platforms - platforms own your data, your interactions and ultimately your ability to share or withhold

    that data. That goes to the very heart of privacy.

    From a commercial perspective, anything that helps others

    influence your behaviour and decisions is of value - your data

    reflecting your preferences & choices is a perfect means of

    doing that. So getting access or ownership over that data is valuable.

    From a practical perspective, anything that makes my life easier

    or more convenient is preferred by the user, no matter how much the

    tool or application deprives the user of autonomy or has

    undesirable long-term consequences. From potential loss of

    data and archives, to downtime and narrowing of functionality

    and other limitations such as censorship.]

    Behaviour and ownership

    There are two levels on which privacy needs to be considered:

    behavioural i.e. sharing

    ownership, access or control of your data (meta-data, logs etc)

    a) what can YOU do with your data

    b) what can OTHERS do with your data

    They are intrinsically linked and I'd argue you can't have the

    first without the second. I'd also argue that people tend to think

    of one or the other, depending whether they are coming from the client or the server side...

    Why does the second point matter as much as, if not more than,

    the first? Because privacy is not the one secret I don't want

    revealed. The problem is all the stuff that I create in my online

    existence - the data dandruff of life, which is not secret in any

    way but which aggregates to stuff that we don't want anybody

    to know. It also aggregates to predictive models about us that we would be very creeped out could exist at all.

    So what is to be done?

    There is much wailing and gnashing of teeth over Facebook's

    encroachment on users' privacy. This goes for most platforms,

    web services and applications but Facebook is the poster whipping boy for this one, to mix metaphors. And for good

    reasons.

    And yet, their user base does not diminish. FB does something

    useful for people and until better and freer and more privacy

    alternatives exist it will continue to grow.

    But privacy matters and unless we have autonomy, i.e. freedom to pursue it, it will be elusive.

    Privacy remains an issue with such web services and platforms

    - as long as I have to depend on a third party to protect my

    privacy, it will be exposed by accident or incompetence, force

    by authorities or abuse - marketing and advertising.

    *[More than binary choice

    Privacy has become a binary choice, often regarded as a more

    or less acceptable trade-off that 'consumers' are only too willing

    to make in return for some benefits to them.

    I tend to think it is an issue of choice. If there is no meaningful

    choice and people feel this, they might just as well forgo a bit of

    privacy in exchange for what appears tangible benefit to them -

    a discount, a better deal etc, but as tools arise to help people to

    take charge of their own data, their mindset will shift too.

    So on the practical level online privacy is about creating tools

    that help the individual to control access to data to the point where he/she decides directly who gets to see what, without

    reliance upon a third party or an intermediary.]

    *[Privacy tolerance

    People's tolerance for privacy violations will decrease, just as

    our tolerance for lack of connectivity or quality is dropping;

    these are different issues but the same behaviour pattern. For now, we are used to our data not being 'respected' - that the

    choice we have with regard to our privacy is only a binary

    choice: either you play and give up your data or you don't and

    exist in splendid isolation. The latter is not a way to benefit

    from the web, whether it comes to social networking or

    shopping.

    People do care about privacy and examples of how easily they give up their data in exchange for trinkets are not convincing.

    So until people feel that they have a real choice such skewed

    behaviour is not illogical.]

    *[Privacy settings are not social

    At the moment I don't drive "who gets to see what" beyond

    simple decisions about who is in and who is out. Social interactions and relationships are far more granular than social

    networks allow them to be. Usually, this is seen as a privacy

    issue and leads to complicated access management, e.g.

    Facebook privacy settings.

    Privacy is merely the other side of the coin of complexity in

    human relationships. My privacy settings are inherent in my

    behaviour. My privacy policy should not be embedded in any

    software. Software privacy settings limit my ability to be truly

    social i.e. capable of maintaining complex relationships and

    interactions with others, arguably the purpose of such tools.

    Truly social software needs to satisfy both requirements of online life - to allow its users to organise their data according to

    their needs, and to support people's relationships as defined by

    themselves.]

    *[Privacy as policy for behaviour

    Privacy may be a policy of the individual, but not in a sense of a

    privacy policy for the individual chosen from a given selection in (say) the style of "Creative Commons".

    There is a huge difference: for instance, I have a policy about

    who I let into my house. I don't need to display it on my doors

    or attach it to my address or business cards. It is far more

    convenient and flexible for me to decide there and then, when

    someone's knocking at the door. It is my implicit privacy policy

    that kicks in. Sure, I don't want junk mail or door-to-door salesmen but just because I can display notices to that effect,

    doesn't mean that is the way to deal with the rest of the

    humankind. Online privacy is about creating tools that help the

    individual to control access to data to the point where he/she

    decides practically and directly who gets to see what - without

    reliance upon a third party or intermediary.]

    Links: http://www.new.facebook.com/privacy/ and http://www.vrmhub.net/2008/09/ownership-of-data-privacy-policies-and-other-vrm-creatures/

    Building privacy systems, instead of letting people implement

    their own privacy 'policies', makes privacy an awkward bolt-on

    when it should be natural and integral to our behaviour. The

    more people who learn what "privacy" means and understand

    its merits and the price of its abuse, the better policies they can devise for themselves...

    Bazaar: conversations, relationships and transactions

    Yes, markets are conversations - as the Cluetrain Manifesto

    states, but they are also relationships and transactions - as the

    anniversary edition of Cluetrain adds.

    Imagine a marketplace - a bazaar, souk, your local stall market - you can talk to the stall holders, the sellers about their

    product, you see the person, not the company first. If you

    frequent the market, you might even recognise the seller and

    develop more continuous conversations i.e. relationship. And

    occasionally you buy something, i.e. transact. These

    components of market exchange are not evenly distributed but

    they are all part of a balanced commerce. In theory.

    Alas, the modern commerce is all about transactions.

    Advertising and marketing are not conversations, CRM is not

    relationships.

    The social web at least has brought some change about...

    I have far more conversations than I have relationships - already true.

    The number of transactions is smaller than the number of

    relationships, in other words, not all relationships lead to

    transactions - at the moment, my transactions are not a

    result of conversations and relationships with vendors.

    Conversations and relationships are sound foundations for

    transactions - already my conversations and relationships with friends and contacts are increasingly affecting my

    decisions about who to transact with but still a long way to

    go.

    It's not all about vendors; the conversations and relationships

    are with my friends and contacts - vendors need to become part of my network in order to improve

    transactions.

    When it comes to transactions we have little to almost no ability

    to influence it. Offline you go to a shop, you buy a product and

    you pay for it at the till. Online, you go to a site, you jump through

    various hoops to buy a product. We have a long way to go to

    redress the current balance of power between vendors and customers.

    Customer-vendor see-saw

    Customers and vendors are in a locked see-saw with one side

    hugely outweighing the other. Like with a real world see-saw in

    such position, the fun is spoiled for both.

    VRM is about providing customers with tools that make them

    both independent actors in the marketplace and better

    equipped to engage with vendors.

    This is not possible when all the tools of engagement are

    provided by suppliers, and all those tools are different.

    VRM Principles

    Relationships are voluntary.

    Customers are born free and independent of vendors.

    Customers control their own data. They can share data

    selectively and control the terms of its use.

    Customers are points of integration and origination for their own

    data.

    Customers can assert their own terms of engagement and service.

    Customers are free to express their demands and intentions

    outside any company's control.

    Free customers are more valuable than captive ones.

    All these can be bridged by the last principle - VRM is based

    on the belief that free customers are more valuable than

    captive ones - to themselves, to vendors, and to the larger

    economy.

    Balance of power

    By giving individuals tools to redress the balance of power, the

    pressure from customers should help level the playing field. Independence from vendors, platforms or anyone who would

    like to benefit from your data without permission will be key.

    One of the ways is to help people to become the point of

    integration of their data - that will serve as a springboard for

    their ability to manage, analyse and mine it in ways that's

    currently not possible.

    Types of personal data

    Speaking of data and personal data in particular, it ain't what it

    used to be... There are now several kinds of personal data:

    date of birth, address, phone number, passport number, social

    security number, mother's maiden name, etc.

    This kind of personal data is mostly static, your address or phone number can change from time to time, and although it is

    possible to change your name, the date of birth or your

    mother's maiden name is unchangeable. This is the *last* kind

    of information I would share online, usually if it is required for a

    transaction, and even then I think twice.

    Then there is the kind of personal data that came with the web, the 'data pertaining to a person' - created, collected and

    shared by a person. This data is dynamic, at any time only a

    snapshot of the person and the more data can be created and

    captured, the more granular and valuable it can become.

    On the web such flows of data often act as a proxy for a

    relationship. People subscribing to my blog, Friendfeed, Twitter,

    Facebook updates etc. perceive such data as personal, as in

    related to my person and yet, its existence revolves around

    sharing it with others. As a result, we have few means of

    harnessing the dynamic data i.e. making it work for us further,

    though we have many ways of generating and communicating

    it.

    Another type is data that others collect or have about me,

    whether or not I have access to it myself. Click stream, meta-

    data, logs etc. The 'end user' is often not aware of the existence of

    such data, let alone allowed to control or manage them.

    Fractured online existence

    On the social web, the number of third-party defined spaces

    designed to contain bits of my data - photos, content,

    relationships, transactions, purchase history, locations,

    knowledge, privacy requirements - grows by the week.

    They allow me to create stuff and share it with others online.

    This is all good and empowering. But over time, my fractured

    existence across various platforms becomes evident. Currently, I lack the means to perform three simple functions -

    capture, manipulate and share my data on the web before and

    above anyone else and on my own terms.

    Personal data vision - my data in my hands

    I want a place where my data lives in its raw unrefined form and

    is under my control so I can apply functionality that helps me do what I want.

    Another reason for privacy is the ability to analyse your own data,

    in ways that nobody else can, adding value to the data sets

    only I can - context, understanding, direct knowledge etc.

    There is value even before sharing, getting to know my own

    behavioural patterns, verifying or disproving my impressions (I

    really do drink more than I thought), countering the cognitive

    biases the human mind so easily adopts (it always rains in

    London but actually the records tell otherwise).

    For example, I'd like to be able to learn from all the data and purchase history I have on Amazon, in a place that I can call

    my own. I'd like to mine or analyse it myself. Combine it with

    my reading habits, travels (to make sure I have reading

    material for those long airport waits), with my calendar for

    people's birthdays to buy them a book, with my notes on

    vendors i.e. Amazon's payment and delivery practices, my

    purchase history, my opinion about their prices, publishing trends and then share that with my friends as I see fit.

    The Mine! Project

    Mine! strives to be user-driven and to see how much privacy

    awareness and user 'policy' can be done through UX/UI, which

    need to be immediate, intuitive and actionable. This means that

    the user has to see, understand and be able to act on the implications of his or her actions on sharing and disclosure.

    Mine! can handle granular to obsessively detailed control over

    sharing of data.

    [It has to allow for certain messiness in 'ontologies' - the only

    ontology that made sense is the one created by the user. Tag

    taxonomies are not ideal but all the others are an imposition. In other words, Mine! allows you to release your inner librarian

    or OCD geek for your own data organisation or just enjoy more

    specific sharing with others.

    Mine! also tries to increase privacy awareness by providing and displaying various data that inform the user about what's

    happening to their data/objects they create and share, namely

    meta-data and access logs (slides 17-20).]

    We are always looking for people to join the project, whether as

    coders, UI experts or users who don't mind a bit of a rough ride

    in the early days.

    ~

    For more information about VRM or the Mine! project see

    www.themineproject.org and/or contact Adriana Lukas:

    adriana dot lukas at gmail dot com

    ___________________

    *text between square brackets [ xx ] was not included in my

    LIFT presentation but is part of my talks on privacy