Hi Eve and John - Evidently I cannot forward this to the entire list.  Please forward it for me if it might be useful in the current discussion.


Hi folks - The link below provides a nice piece from Solove that provides a checklist of the regions in the "privacy" landscape.  It is US focused, but all the harms concepts correlate with those in other jurisdictions (where other terms may be applied to compound the confusion).


For UMA design, development and deployment purposes, it seems that the term's ambiguity could use some unpacking before any system design and operation decisions are made to pursue its accomplishment.


https://www.law.upenn.edu/journals/lawreview/articles/volume154/issue3/Solove154U.Pa.L.Rev.477(2006).pdf

The various definitions are not mutually exclusive, but all are relevant to the analysis.  


I have also attached a "harms matrix" (the excel spreadsheet that many of you have already seen) that previously attempted that unpacking of the term "Privacy," by correlating different interpretations of the term from dozens of existing laws.  Like the Solove article, it seeks to provide a "map" to the privacy landscape.  It will help map the relationship among privacy, data security, etc.  


Spoiler alert - I believe that each type of harm comes down to measuring the integrity, reliability and predictability of the information input and output channels (data as expression and perception) from the perspective of individuals.  The measurements of such "integrity" are myriad, and the accomplishment of a state of acceptable "privacy" for the individual will be contextually and subjectively driven. So that even a stable definition will defy easy categorization.   That is familiar territory for the law, which recognizes that humans consistently refuse to be engineered into clear categories.  Would we have it be otherwise?  Those who desire to create anticipatory measurement of every possible problem "phase space" that is opened up with the exercise of human discretion may be disappointed with the result. This suggested "information channel integrity" paradigm gathers all the disparate pieces into a framework that can be operationalized in law (as it already has been - albeit in a distributed fashion) and technology (as UMA can help to foster).  Btw, I welcome critiques/challenges to this "spoiler alert" concept as conceptual "stress testing" prior to its application to socio-technical systems.


It appears that UMA can help individuals to navigate the complex privacy landscape without having to oversimplify that landscape itself.   It is akin to how a nature walk is made more satisfactory (at least to nerds like me) with a good nature field guide, even though the guide does not simplify the ecosystem itself - it just helps frame my understanding of and interaction with the intrinsically system.  Law and policy (including privacy and data security law) is a field guide to human interaction "ecosystems."


Kind regards, 

Scott 


Scott L. David

Director of Policy

Center for Information Assurance and Cybersecurity

University of Washington - Applied Physics Laboratory


w- 206-897-1466
m- 206-715-0859

Tw - @ScottLDavid




From: wg-uma-bounces@kantarainitiative.org <wg-uma-bounces@kantarainitiative.org> on behalf of Eve Maler <eve@xmlgrrl.com>
Sent: Thursday, February 4, 2016 8:23 AM
To: John Mathon
Cc: Eve Maler
Subject: Re: [WG-UMA] uma privacy definition
 
Oh, one more thing... "Positive Privacy" is exactly what I have meant all these years when I contrast "Privacy" (or "Data Privacy") with "Selective Sharing". UMA is a technology that enables user control (yes, Mark and I have spoken about this many times before :-). It enables UX and back-end implementation patterns of proactive delegation, reactive consent ("access approval"), withdrawal of consent, and denial of consent -- all in a manner that's not coarse-grained but "scoped-grained" (which could be relatedly fine-grained depending on the API that was exposed).

UMA empowers individuals. But individuals are not the only parties in the ecosystem, and it's important to recognize that the equation has got to be win-win-win-win-win or no one will deploy the technology. There's a separation of powers. The idea has been that RS's are authoritative over resource sets and scopes (the "verbs and objects" of policies) -- meaning that they can, say, still control their APIs for fun and profit if they want. RO's are authoritative over mapping subjects to them to make policy -- meaning they can do selective sharing. AS's are authoritative over execution of the resulting policies -- meaning they are the experts at authorization, access control, and policy decisionmaking. (Classic "P*P" architecture.)

Note that as we get into the BLT sandwich, we're finding places where we have to soften the lines a bit. Oh, RS's want to wrest a bit more control away from AS's at the edge? Okay, how do we do that? Oh, ROs want to be sure RS's don't do that too much in a loosely coupled world? Okay, how do we manage that?


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Thu, Feb 4, 2016 at 8:11 AM, Eve Maler <eve@xmlgrrl.com> wrote:
Love the discussion! A couple of thoughts on some of the new points made:
  • "Who and what can get access": We have discussed many times how the claims-gathering system can also be used to constrain the requesting party around purpose of use limitations, and in fact, the HEART group is just about to take up its "semantic UMA profiling" work, which will likely include this. A technical level of control would have to include layering encryption-type techniques, whereas a business-legal level of control would include techniques such as requiring "opt-in claims" or "signature claims" for the requesting party to complete. I've even discussed with some organizations the prospect of using claims-gathering to have a requesting party agree to take on roles such as "power of attorney" (a proxy role for the resource owner) in the form of sending a claim.
  • "Unified control point": This is stated with respect to the nature of the ecosystem in which the services are deployed. Even though UMA has been successfully designed to be identifier-agnostic (see its design principle #3), if Alice's AS is a claims client to Bob's claim sources, without a way to establish trust between them, there are security problems. It's currently possible for Alice to choose her own AS(/likely IdP?) and Bob to choose his own AS(/likely IdP?) if their services can have established trust off-stage (in a medium-ecosystem way vs. totally dynamically) -- though I don't anticipate that this level of choice is actually going to show up in the market super-soon. As I said before, the #wideeco use case is the subject of some of our 2016 work (to be prioritized shortly in today's meeting!).
If you haven't read the old http://tinyurl.com/umapbd paper, it's worth reading it to see where UMA provides the basis for solutions and where it doesn't; e.g., it makes clear that UMA isn't about storage, being API-level. Implementation profiling and deployment profiling therefore, to my mind, play a huge role for interoperable and successful usage in the wild (wherever it's planned to be used cross-organization, anyway).


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
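Eve's two notes above describe UMA's separation of authority (the RS over resource sets and scopes, the RO over policy, the AS over execution) and claims-gathering that can require purpose-of-use, opt-in or signature claims before access is approved. As an added illustration that is not part of this thread or of UMA's own code, here is a toy Python model of that arrangement; the resource name, claim names and claim values are constructed for the example.

```python
# Added illustration, not UMA project code: a toy authorization server modelling
# the separation of authority described above (RS-registered scopes, RO policies
# mapping claims to scopes, AS evaluation that reports which claims are missing).
from dataclasses import dataclass

@dataclass(frozen=True)
class ResourceSet:  # registered by the RS: the "verbs and objects" of policy
    name: str
    scopes: frozenset

@dataclass(frozen=True)
class Policy:  # authored by the RO: which claims unlock which scopes
    resource: str
    scopes: frozenset
    required_claims: dict  # claim name -> set of acceptable values

class AuthorizationServer:  # executes RO policy over RS-owned scopes
    def __init__(self):
        self.resources, self.policies = {}, []

    def register_resource(self, rs):
        self.resources[rs.name] = rs

    def add_policy(self, policy):
        # The RO may only map claims to scopes the RS actually registered.
        unknown = policy.scopes - self.resources[policy.resource].scopes
        if unknown:
            raise ValueError(f"scopes not registered by RS: {sorted(unknown)}")
        self.policies.append(policy)

    def authorize(self, resource, requested_scopes, claims):
        """Decide per scope; report claims still needed (UMA's need_info idea)."""
        granted, missing = set(), set()
        for scope in requested_scopes:
            unmet = [{c for c, ok in p.required_claims.items() if claims.get(c) not in ok}
                     for p in self.policies if p.resource == resource and scope in p.scopes]
            if any(not u for u in unmet):
                granted.add(scope)  # some RO policy is fully satisfied
            else:
                missing.update(*unmet)  # nothing satisfied: tell the client what to gather
        return {"granted": sorted(granted),
                "denied": sorted(set(requested_scopes) - granted),
                "need_info": sorted(missing)}

def demo(claims):
    # Constructed sample: Alice's calendar with an opt-in/purpose-of-use policy for
    # "view" and a power-of-attorney-plus-signature policy for "edit" (hypothetical).
    az = AuthorizationServer()
    az.register_resource(ResourceSet("alice-calendar", frozenset({"view", "edit", "share"})))
    az.add_policy(Policy("alice-calendar", frozenset({"view"}),
                         {"purpose_of_use": {"scheduling"}, "opt_in": {True}}))
    az.add_policy(Policy("alice-calendar", frozenset({"edit"}),
                         {"role": {"power_of_attorney"}, "signature": {"signed"}}))
    return az.authorize("alice-calendar", {"view", "edit", "share"}, claims)
```

A scope with no RO policy at all ("share" here) is simply denied with nothing to gather, while a scope whose policy is partly met comes back with the claim names the requesting party still has to supply.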


On Thu, Feb 4, 2016 at 7:04 AM, John Mathon <johnmathon@gmail.com> wrote:
Ken,

Your point is well taken, but is it not the case that UMA can be used as a tool to help an individual protect personal information?  It is not a silver bullet in that simply having knowledge of your identification is some information and of course using many methods one might be able to infer many things from other things as well as the user inadvertently giving access indirectly or even directly to someone they didn't realize.   We need something in law that says even if you get such information you can't use it without the users permission and you must make effort to delete it or inform them of your knowledge, etc... However, lacking sufficient legal backing and possibly improvements in privacy in general this is a tool that definitely helps the consumer control information including personal information.

I think your point is it should be made clear that protecting personal information is a difficult problem for which UMA is a tool to help but doesn't solve.  

John



rgds, John follow me:    Wordpress Twitter

On Thu, Feb 4, 2016 at 4:10 AM, Ken Dagg <kendaggtbs@gmail.com> wrote:


Eve and others,

Thank you for your responses. While I agree fully that heading down the rathole of definitions is a tricky and dangerous endeavour, I also strongly believe that it is a necessary exercise (at least to some level of detail). I would encourage UMA to continue. I will also bring the question of defining Privacy to IAWG whose mandate, since it took over the Privacy WG a couple of years ago, includes Privacy.

That being said, your note said that UMA is "an OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live." While I have heard this before it finally sunk in and I think that I understand what I have been missing before.

In my mind the key point is the phrase "for authorizing who and what can get access to". In my interpretation that is access to collect - be that for a millisecond examination or for the long term. In other words, also in my interpretation, UMA does nothing for controlling the storage, use or disposal of personally identifiable information. That is not a denunciation of UMA - it is just a statement of what I think I just realized. Am I correct?

If my eureka moment is true my suggestion would be to include an explicit statement in the description of UMA that says that controlling the storage, use and disposal of PII is outside the scope of UMA and the responsibility of other protocols / processes. It may seem to be redundant but I think that this type of statement would get people away from the idea that UMA might be the "silver bullet" to fix their privacy woes that they are all looking to discover. While I've not heard anyone ever say that it is, given the increased emphasis on privacy, I could see some executives making that interpretation.

Again, just my opinion.

Ken




On Wednesday, 3 February 2016, Adrian Gropper <agropper@healthurl.com> wrote:
Privacy by Design always makes me think of the Alice in Wonderland: “When I use a word,” Humpty Dumpty said in rather a scornful tone, “it means just what I choose it to mean — neither more nor less.”

I like NIST's definition of privacy engineering: http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft.pdf

If by "narrow" and "medium" ecosystems you mean federations that agree to share an AS, then I understand but that hardly counts as autonomy and it sounds more like an add-on service to an IdP than a new thing. I suppose I just answered my own question about the product :-)



On Wed, Feb 3, 2016 at 10:14 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;

Think of it as Privacy by Intent, since it is as much about organizational cultural change and processes as it is about any specific technology.

Sincerely,

John Wunderlich
(@PrivacyCDN)

On Feb 3, 2016, at 21:51, Adrian Gropper <agropper@healthurl.com> wrote:

The video is lovely. "nothing about me without me" has been a rallying cry of the Society for Participatory Medicine for years now.

The Venn is somewhat confusing. What is policy? Whose policy is it?

What ForgeRock is selling is baffling. Who is buying AS from ForgeRock? How many UMA Authorization Servers will one person have? Who will own my AS in the sense of being able to take it off-line if they choose to?

PS: Privacy by Design has never sat well with me. I prefer Privacy Engineering, but that's maybe a personal problem for me.

Adrian

On Wed, Feb 3, 2016 at 9:30 PM, Eve Maler <eve@xmlgrrl.com> wrote:
FWIW, I debuted a new, very lightweight Venn diagram in a blog post last week (where ForgeRock was announcing its new platform version with UMA support!) describing elements of privacy. It's not to be taken too literally, but it echoes themes I talked about in this paper and talk from last year.


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Wed, Feb 3, 2016 at 6:01 PM, Ken Dagg <kendaggtbs@gmail.com> wrote:
Hi UmanitRians,

I'm an UMA lurker. That being said, the discussion around privacy is something of great interest to me and I couldn't resist chiming in.

Dictionary definitions, such as the dictionary.com definition below, (not that I'm totally in agreement with these definitions) all seem to revolve around privacy being a state (this part I do agree with) and legislation from various jurisdictions provide requirements to achieve this state (without providing a definition of privacy).

For example, Canada's two pieces of privacy legislation (Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA)) basically specify what must be achieved regarding the collection, storage, use and disposal of Personally Identifiable Information (as well as defining what PII is) including what and where consent is required.

I would suggest that defining privacy without defining the requirements (including consent) for achieving it would be negligent and doing a disservice to UMA. 

My two cents,
Ken 

1. the state of being apart from other people or concealed from their view; solitude; seclusion: (Please leave the room and give me some privacy.)
2. the state of being free from unwanted or undue intrusion or disturbance in one's private life or affairs; freedom to be let alone: (Tourists must respect the tribe’s privacy. Those who wish to smoke can do so in the privacy of their own homes.) See also invasion of privacy.
3. freedom from damaging publicity, public scrutiny, secret surveillance, or unauthorized disclosure of one’s personal data or information, as by a government, corporation, or individual: (Ordinary citizens have a qualified right to privacy. There is so much information about us online that personal privacy may be a thing of the past.)
4. the state of being concealed; secrecy: (Before he told us of his plans, he insisted on total privacy.)




On Wednesday, 3 February 2016, Eve Maler <eve@xmlgrrl.com> wrote:
I don't think there is any UMA publication that defines privacy, but there is one (older) publication that discusses UMA with respect to Privacy by Design, here:


I was thinking recently that it might be a good time to revise this paper, and/or write a new and more expanded one, in light of the many regulatory moves being made and discussions about the role of "consent" (as UMA enables) within those regulations. (I happen to have been doing a lot of writing and presenting along those lines in various forms myself lately, and others of us such as Jon Neiditz have as well.)


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Tue, Feb 2, 2016 at 9:07 AM, arr@worldknowledgebank.com <arr@worldknowledgebank.com> wrote:

Is there an uma definition of privacy?

Regards,

Ann Racuya-Robbins

“When you share what you know in a just way
you sustain life and transform the way the world works.”

Ann Racuya-Robbins
Founder
Virtual Democratic Countries
https://www.worldknowledgebank.com

4440 Willard Ave #729
Chevy Chase, MD 20815
and
2 Placita Road, La Puebla, Espanola, New Mexico 87532

202.304.7103, 505.216.5343, 301.951.1809





--
Kenneth Dagg
Independent Consultant
Identification and Authentication
613-825-2091
kendaggtbs@gmail.com


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma




--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/






--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/


--
Kenneth Dagg
Independent Consultant
Identification and Authentication
613-825-2091
kendaggtbs@gmail.com



