Robin, Excellent. You've captured important parts of the essence of the situation. One way to think about watermarking your, for ex. email address: you will provide a different email address (or a different 'handle' or 'identifier') to each merchant. This abstraction mechanism will permit the audit of leaks, because the handles that refer to your real email address will each function just as the real email address would, but will permit auditability and the ability to track leaks to their source. Other pieces of the puzzle include authentication and non-repudiation of each side of each transaction, in parallel with privacy and auditability. Authentication should not compromise privacy. Non-repudiation assists with audits.

regards, rich

On 15/1/11 6:48 AM, Robin Wilton wrote:
Generally this is what I and some others have been describing as the problem of "Privacy Beyond First Disclosure"... That is:
- One way to express it is to say that privacy is not the same as secrecy... I can achieve secrecy by keeping everything to myself - [viz. "There's no such thing as a shared secret".... ;^)] but privacy is actually about how I retain control over data which I disclose.
- At one level, as Bob Blakley put it, you cannot control the narrative which others construct about you. To that extent you have to accept that total privacy cannot co-exist with social interaction. Even a hermit can't stop other people gossiping about him.
- If you try to retain control over disclosed data by technical means alone, then as Ben said below, it implies a working and ubiquitous DRM infrastructure - which is neither technically realistic nor (probably) socially desirable. The opportunities such an infrastructure would create for abuse might well outweigh the potential privacy-related benefit.
- Realistically, a privacy architecture would have to consist, then, of a combination of technical and non-technical measures... In other words, part of your privacy protection will come from factors such as contractual provisions and legal recourse.
- I think that for those factors to work, the technology layer has to do a better job of providing an audit trail which is transparent to the right stakeholders, and which introduces a real possibility of accountability.
- I suspect that something DRM-like has a role to play in that architecture, if only in the form of something analogous to watermarking. In other words, if I give my address to two online merchants and one of them passes it on, against my will, to a third party, I really need to be able to tell which is the leaky merchant.
Hope this helps -

Robin

On Thu, 13 Jan 2011 12:12 +1300, "Colin Wallis" <Colin.Wallis@dia.govt.nz> wrote:
I agree you cannot prevent it as in a 100% guarantee, but privacy aware technical design and the use of pseudonymity can make it darn hard and potentially not worth the effort …. vs. legal interception for example…
But that's a different realm - law enforcement. It's not user centric identity management. You design so these two cannot intersect.
Cheers
Colin
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Ben Laurie
Sent: Thursday, 13 January 2011 6:01 a.m.
To: Graham Sadd
Cc: community@kantarainitiative.org; Frank Wray; community@lists.idcommons.net; trutkowski@netmagic.com; Rob Marano
Subject: Re: [Kantara - Community] [community] an interesting question

On 12 January 2011 16:49, Graham Sadd <graham.sadd@paoga.com> wrote:
Trust requires a 2-way interaction and there are considerable benefits to organisations, public and private, from sharing the load of Personal Information Management with the subject. Given that appropriate authentication and Verification procedures are followed then there are mutual advantages in a record being accurate and up-to-date, reduced costs and automatic legal compliance among them.
I do not dispute this, but you should not ask for the impossible: "What I don’t want is any organisation, public or private, passing it on without my knowledge or consent.". You cannot prevent this. You can penalise people who do, but you can't prevent it.
Graham Sadd
Chairman & CEO
Trusted Relationship Management
T: +44 (0) 1628 510777
M: +44 (0) 7958 056171
E: graham.sadd@paoga.com
W: www.paoga.com
B: blog.grahamsadd.com
From: Ben Laurie [mailto:benl@google.com]
Sent: 12 January 2011 15:58
To: Graham Sadd
Cc: Frank Wray; trutkowski@netmagic.com; Drummond Reed; Mary Ruddy; Walsh, Alan J; Rob Marano; community@lists.idcommons.net; community@kantarainitiative.org
Subject: Re: [community] an interesting question

On 12 January 2011 15:35, Graham Sadd <graham.sadd@paoga.com> wrote:
What I don’t want is any organisation, public or private, passing it on without my knowledge or consent.
In order to achieve this you have to make DRM work - and persuade everyone you interact with to use the hardware required for DRM. Both seem to be impossible.
==== CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you. ==== _______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community
Robin Wilton +44 (0)705 005 2931
--
regards, rich

Richard Fetik, CISSP
831 531 4072
fetik@data-confidential.com
Data Confidential - Intelligent Security for a Digital World
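The per-merchant "watermarked" handle that rich and Robin describe above can be shown concretely. The following Python is an added example, not code from anyone in this thread: it derives a distinct alias for each merchant with an HMAC over the merchant name (so no merchant can compute another merchant's alias), routes mail sent to any issued alias to the one real mailbox, and, when a message arrives at an alias from someone other than the merchant it was issued to, attributes the disclosure to that merchant. The domain `alias.example`, the merchant names, the user secret and the sample messages are all constructed for the illustration.

```python
import hmac
import hashlib

# Hypothetical domain the user controls; every alias lives under it (assumption).
ALIAS_DOMAIN = "alias.example"


def make_alias(secret: bytes, merchant_domain: str, local_part: str = "me") -> str:
    """Derive a stable, unguessable alias for one merchant.

    Keying the HMAC with a user secret means the alias handed to merchant A
    cannot be computed by merchant B, while the user can regenerate it at will.
    """
    tag = hmac.new(secret, merchant_domain.lower().encode(), hashlib.sha256).hexdigest()[:12]
    return f"{local_part}.{tag}@{ALIAS_DOMAIN}"


class AliasDirectory:
    """Maps each issued alias back to the merchant it was given to."""

    def __init__(self, secret: bytes, real_address: str):
        self._secret = secret
        self.real_address = real_address
        self._merchant_by_alias: dict[str, str] = {}

    def issue(self, merchant_domain: str) -> str:
        """Hand out (and record) the alias for one merchant."""
        alias = make_alias(self._secret, merchant_domain)
        self._merchant_by_alias[alias] = merchant_domain.lower()
        return alias

    def route(self, recipient: str):
        """Deliver to the real mailbox only for aliases this directory issued."""
        return self.real_address if recipient.lower() in self._merchant_by_alias else None

    def attribute(self, recipient: str, sender_domain: str):
        """For one inbound message return (issued_to, leaked), or None if the
        recipient is not an alias we issued. leaked is True when the sender is
        not the merchant the alias was given to: the alias has been passed on,
        and the merchant it was issued to is the source of the disclosure.
        """
        merchant = self._merchant_by_alias.get(recipient.lower())
        if merchant is None:
            return None
        return merchant, sender_domain.lower() != merchant


def audit(directory: AliasDirectory, messages):
    """messages: iterable of (sender_domain, envelope_recipient) pairs.

    Returns the merchants whose alias has been used by a third party, in
    order of first sighting, so each leak can be traced to its source.
    """
    leakers = []
    for sender_domain, recipient in messages:
        result = directory.attribute(recipient, sender_domain)
        if result is None:
            continue
        merchant, leaked = result
        if leaked and merchant not in leakers:
            leakers.append(merchant)
    return leakers


if __name__ == "__main__":
    d = AliasDirectory(b"user-secret-constructed", "rich@real.example")
    a = d.issue("shop-a.example")
    b = d.issue("shop-b.example")
    # Constructed inbound mail: (sender domain, envelope recipient)
    sample = [
        ("shop-a.example", a),                         # legitimate use of alias a
        ("shop-b.example", b),                         # legitimate use of alias b
        ("bulk-mailer.example", b),                    # alias b reused by a third party
        ("bulk-mailer.example", "me@real.example"),    # not an alias we issued
    ]
    print(audit(d, sample))  # -> ['shop-b.example']
```

The audit identifies the leaky merchant but does not prove it: the same alias appearing from a third party is consistent with the merchant selling the address, with a breach at the merchant, or with a compromise of the user's own mailbox, which is why the thread pairs this technical audit trail with contractual and legal recourse rather than treating it as a complete remedy.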