Thanks Rich -
Yes, that's a good example. My daughter once signed up to a mail
order catalogue and gave her Title as "Sheriff". It worked well
for one mail-order company.
Beyond that, it can become a problem of 'persona management', as
you try to remember which identifiers you have assigned to which
service provider. The other occasional problem is those service
providers (online) who don't let you pick your own identifier...
But the principle is a good one, which boils down to is
management of multiple pesudonyms.
Then there's the issue of applying the same principle to
disclosures of data other than identifiers...
Yrs.,
Robin
On Sat, 15 Jan 2011 13:02 -0800, "Richard Fetik"
wrote:
Robin,
Excellent. You've captured important parts of the essence of the
situation.
One way to think about watermarking your, for ex. email address:
you will provide a different email address (or a different
'handle' or 'identifier') to each merchant. This abstraction
mechanism will permit the audit of leaks, because the handles
that refer to your real email address will each function just as
the real email address would, but will permit auditability and
the ability to track leaks to their source.
Other pieces of the puzzle include authentication and
non-repudiation of each side of each transaction, in parallel
with privacy and auditability. Authentication should not
compromise privacy. Non-repudiation assists with audits.
regards, rich
On 15/1/11 6:48 AM, Robin Wilton wrote:
Generallly this is what I and some others have been describing
as the problem of "Privacy Beyond First Disclosure"... That is:
- One way to express it is to say that privacy is not the same as
secrecy... I can achieve secrecy by keeping everything to myself
- [viz. "There's no such thing as a shared secret".... ;^)] but
privacy is actually about how I retain control over data which I
disclose.
- At one level, as Bob Blakley put it, you cannot control the
narrative which others construct about you. To that extent you
have to accept that total privacy cannot co-exist with social
interaction. Even a hermit can't stop other people gossiping
about him.
- If you try to retain control over disclosed data by technical
means alone, then as Ben said below, it implies a working and
ubiquitous DRM infrastructure - which is neither technically
realistic nor (probably) socially desirable. The opportunities
such an infrastructure would create for abuse might well outweigh
the potential privacy-related benefit.
- Realistically, a privacy architecture would have to consist,
then, of a combination of technical and non-technical measures...
In other words, part of your privacy protection will come from
factors such as contractual provisions and legal recourse.
- I think that for those factors to work, the technology layer
has to do a better job of providing an audit trail which is
transparent to the right stakeholders, and which introduces a
real possibility of accountability.
- I suspect that something DRM-like has a role to play in that
architecture, if only in the form of something analogous to
watermarking. In other words, if I give my address to two online
merchants and one of them passes it on, against my will, to a
third party, I really neeed to be able to tell which is the leaky
merchant.
Hope this helps -
Robin
On Thu, 13 Jan 2011 12:12 +1300, "Colin Wallis"
[1] wrote:
I agree you cannot prevent it as in a 100% guarantee, but privacy
aware technical design and the use of pseudonymity can make it
darn hard and potentially not worth the effort …. vs. legal
interception for example…
But that's a different realm - law enforcement. It's not user
centric identity management. you design so these two cannot
intersect.
Cheers
Colin
From: [2]community-bounces@kantarainitiative.org
[[3]mailto:community-bounces@kantarainitiative.org] On Behalf Of
Ben Laurie
Sent: Thursday, 13 January 2011 6:01 a.m.
To: Graham Sadd
Cc: [4]community@kantarainitiative.org; Frank Wray;
[5]community@lists.idcommons.net; [6]trutkowski@netmagic.com; Rob
Marano
Subject: Re: [Kantara - Community] [community] an interesting
question
On 12 January 2011 16:49, Graham Sadd <[7]graham.sadd@paoga.com>
wrote:
Trust requires a 2-way interaction and there are considerable
benefits to organisations, public and private, from sharing the
load of Personal Information Management with the subject. Given
that appropriate authentication and Verification procedures are
followed then there are mutual advantages in a record being
accurate and up-to-date, reduced costs and automatic legal
compliance among them.
I do not dispute this, but you should not ask for the impossible:
"What I don’t want is any organisation, public or private,
passing it on without my knowledge or consent.". You cannot
prevent this. You can penalise people who do, but you can't
prevent it.
Graham Sadd
Chairman & CEO
paoga document header
Trusted Relationship Management
T: [8]+44 (0) 1628 510777
M: [9]+44 (0) 7958 056171
E: [10]graham.sadd@paoga.com
W: [11]www.paoga.com
B: [12]blog.grahamsadd.com
From: Ben Laurie [mailto:[13]benl@google.com]
Sent: 12 January 2011 15:58
To: Graham Sadd
Cc: Frank Wray; [14]trutkowski@netmagic.com; Drummond Reed; Mary
Ruddy; Walsh, Alan J; Rob Marano;
[15]community@lists.idcommons.net;
[16]community@kantarainitiative.org
Subject: Re: [community] an interesting question
On 12 January 2011 15:35, Graham Sadd <[17]graham.sadd@paoga.com>
wrote:
What I don’t want is any organisation, public or private, passing
it on without my knowledge or consent.
In order to achieve this you have to make DRM work - and persuade
everyone you interact with to use the hardware required for DRM.
Both seem to be impossible.
Notice/Disclaimer
Internet communications are not secure and the company (PAOGA
Limited) does not accept legal liability for the integrity of the
contents of this message. This email is confidential and the
contents may not be disclosed or used by anyone other than the
intended recipient. If you are not the intended recipient and
receive this email, please immediately contact the sender at the
above location.
Whilst PAOGA Limited attempts to sweep email and attachments for
viri and other malware. It does not guarantee that either virus
or malware-free and PAOGA Limited accepts no liability for any
damage sustained as a result of viral or other similar
infections. Anyone who communicates with us by email is taken to
accept these risks.
PAOGA Limited. Registered Office in UK No: 4572417, Registered
Office: Moor Place, Moorlands Drive, Pinkneys Green, Maidenhead,
Berkshire. SL6 6QS
====
CAUTION: This email message and any attachments contain
information that may be confidential and may be LEGALLY
PRIVILEGED. If you are not the intended recipient, any use,
disclosure or copying of this message or attachments is
strictly prohibited. If you have received this email message
in error please notify us immediately and erase all copies of
the message and attachments. Thank you.
====
_______________________________________________
Community mailing list
[18]Community@kantarainitiative.org
[19]http://kantarainitiative.org/mailman/listinfo/community
Robin Wilton
+44 (0)705 005 2931
_______________________________________________
Community mailing list
[20]Community@kantarainitiative.org
[21]http://kantarainitiative.org/mailman/listinfo/community
--
regards, rich
Richard Fetik, CISSP
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -
831 531 4072
[22]fetik@data-confidential.com
Data Confidential - Intelligent Security for a Digital World
References
1. mailto:Colin.Wallis@dia.govt.nz
2. mailto:community-bounces@kantarainitiative.org
3. mailto:community-bounces@kantarainitiative.org
4. mailto:community@kantarainitiative.org
5. mailto:community@lists.idcommons.net
6. mailto:trutkowski@netmagic.com
7. mailto:graham.sadd@paoga.com
8. tel:+441628510777
9. tel:+447958056171
10. mailto:graham.sadd@paoga.com
11. http://www.paoga.com/
12. http://blog.grahamsadd.com/
13. mailto:benl@google.com
14. mailto:trutkowski@netmagic.com
15. mailto:community@lists.idcommons.net
16. mailto:community@kantarainitiative.org
17. mailto:graham.sadd@paoga.com
18. mailto:Community@kantarainitiative.org
19. http://kantarainitiative.org/mailman/listinfo/community
20. mailto:Community@kantarainitiative.org
21. http://kantarainitiative.org/mailman/listinfo/community
22. mailto:fetik@data-confidential.com
Robin Wilton
+44 (0)705 005 2931