Cross posted to a couple of lists.

I think that there is an important lesson to be drawn from the Blackphone story (below). While the Blackphone is architected for privacy, the way that that was done reduced user choice (first version without access to the Google Play store). This increased friction and difficulty. Privacy and security are the first items on most peoples' and most organizations' secondary wish list. So long as user experience change is neutral or positive, privacy and security will have a potentially broad appeal. Additional work, effort or friction will doom the product or service to niche status. This explains the roaring success of ad blockers for example. Not only are they dead easy to install, their maintenance and update depends on black lists maintained by someone other than the user. On top of that, ad blockers actually improve the user experience.

In the CISWG, as we get close to a spec for consent receipts, and with the current version off to a spec writer, we now have to start thinking, it seems to me, about how we can present a value proposition that works for for both users and enterprises? Compliance is insufficient. And how will reference implementation of consent receipts and user submitted terms look like an immediate win to a user? I wonder how much of the same logic applies to UMA?

https://www.theguardian.com/technology/2016/jul/08/we-know-people-care-about-privacy-so-why-wont-they-pay-for-it



John Wunderlich,

Sent frum a mobile device,
Pleez 4give speling erurz

"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin



This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.