Generallly this is what I and some others have been describing as the problem of "Privacy Beyond First Disclosure"... That is:
 
- One way to express it is to say that privacy is not the same as secrecy... I can achieve secrecy by keeping everything to myself - [viz. "There's no such thing as a shared secret".... ;^)] but privacy is actually about how I retain control over data which I disclose.
 
- At one level, as Bob Blakley put it, you cannot control the narrative which others construct about you. To that extent you have to accept that total privacy cannot co-exist with social interaction. Even a hermit can't stop other people gossiping about him.
 
- If you try to retain control over disclosed data by technical means alone, then as Ben said below, it implies a working and ubiquitous DRM infrastructure - which is neither technically realistic nor (probably) socially desirable. The opportunities such an infrastructure would create for abuse might well outweigh the potential privacy-related benefit.   
 
- Realistically, a privacy architecture would have to consist, then, of a combination of technical and non-technical measures... In other words, part of your privacy protection will come from factors such as contractual provisions and legal recourse.
 
- I think that for those factors to work, the technology layer has to do a better job of providing an audit trail which is transparent to the right stakeholders, and which introduces a real possibility of accountability.
 
- I suspect that something DRM-like has a role to play in that architecture, if only in the form of something analogous to watermarking. In other words, if I give my address to two online merchants and one of them passes it on, against my will, to a third party, I really neeed to be able to tell which is the leaky merchant.
 
 
Hope this helps -
 
Robin
On Thu, 13 Jan 2011 12:12 +1300, "Colin Wallis" <Colin.Wallis@dia.govt.nz> wrote:

I agree you cannot prevent it as in a 100% guarantee, but privacy aware technical design and the use of pseudonymity can make it darn hard and potentially not worth the effort …. vs. legal interception for example…

 

But that's a different realm - law enforcement.  It's not user centric identity management. you design so these two cannot intersect.

 

Cheers

Colin

 

From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Ben Laurie
Sent: Thursday, 13 January 2011 6:01 a.m.
To: Graham Sadd
Cc: community@kantarainitiative.org; Frank Wray; community@lists.idcommons.net; trutkowski@netmagic.com; Rob Marano
Subject: Re: [Kantara - Community] [community] an interesting question

 

 

On 12 January 2011 16:49, Graham Sadd <graham.sadd@paoga.com> wrote:

Trust requires a 2-way interaction and there are considerable benefits to organisations, public and private, from sharing the load of Personal Information Management with the subject. Given that appropriate authentication and Verification procedures are followed then there are mutual advantages in a record being accurate and up-to-date, reduced costs and automatic legal compliance among them.

 

I do not dispute this, but you should not ask for the impossible: "What I don’t want is any organisation, public or private, passing it on without my knowledge or consent.". You cannot prevent this. You can penalise people who do, but you can't prevent it.

 

 

Graham Sadd

Chairman & CEO

 

paoga document header

Trusted Relationship Management

 

T: +44 (0) 1628 510777

M: +44 (0) 7958 056171

E:   graham.sadd@paoga.com

W: www.paoga.com

B: blog.grahamsadd.com

 

From: Ben Laurie [mailto:benl@google.com]
Sent: 12 January 2011 15:58
To: Graham Sadd
Cc: Frank Wray; trutkowski@netmagic.com; Drummond Reed; Mary Ruddy; Walsh, Alan J; Rob Marano; community@lists.idcommons.net; community@kantarainitiative.org


Subject: Re: [community] an interesting question

 

 

On 12 January 2011 15:35, Graham Sadd <graham.sadd@paoga.com> wrote:

What I don’t want is any organisation, public or private, passing it on without my knowledge or consent.

 

In order to achieve this you have to make DRM work - and persuade everyone you interact with to use the hardware required for DRM. Both seem to be impossible.

 

 

Notice/Disclaimer

 

Internet communications are not secure and the company (PAOGA Limited) does not accept legal liability for the integrity of the contents of this message.  This email is confidential and the contents may not be disclosed or used by anyone other than the intended recipient.  If you are not the intended recipient and receive this email, please immediately contact the sender at the above location.

 

Whilst PAOGA Limited attempts to sweep email and attachments for viri and other malware.  It does not guarantee that either virus or malware-free and PAOGA Limited accepts no liability for any damage sustained as a result of viral or other similar infections.  Anyone who communicates with us by email is taken to accept these risks.

 

PAOGA Limited.  Registered Office in UK No: 4572417, Registered Office:  Moor Place, Moorlands Drive, Pinkneys Green, Maidenhead, Berkshire.  SL6 6QS

 

====
CAUTION:  This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
==== 
_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community
Robin Wilton
+44 (0)705 005 2931