SUMMARY OF PRIVACY DISCUSSION

Danny O'Brien from EFF's talk Sunday morning -- by RossMayfield

Strong crypto vs. radical transparency. How to define policy when you don’t know which direction the technology will take us. We know that both work against centralized control. Want work to constitutional privacy statute.

Email: illegal to wiretap, warrants required. On a third party server, protections evaporate after 90 days. Gmail was archiving everything for all time, the bulk of your email was no longer statutory protected, and Google was sending Googlebots to run through email for serving ads – bad precedents for machine reading which will be privacy violating. Invasion of privacy by machines.

Geeks are the first to experience new ways of having privacy violations, such as: aggregate information that is revealing (if you know the first name of someone, you can with 700 searches find someone without their last name)

Social graph privacy problem. Radical transparency is viral.

Slow transformation from false belief in security to trying to anticipating security problems. (third step of completely giving up on it?) It isn’t possible for people to design

I wonder if I could sue someone for Liable if they sell my contact information into Jigsaw’s social graph

There was also a BarCampBlock Privacy Session yesterday

ROUGH TRANSCRIPT FROM IRC:

by Liz Henry & Kent Bye

that's my thought, take it and run

danny: geeks have 20/20 hindsight about privacy

No one estimates the undermining of privacy that is potential w/ technology.

Slashdot comment -- if they don't want their privacy violated, then don't upload the picture to Flickr We don't like to admit the truth of that.

Cyberpunks friended him first on Friendster -

kentbye that doesn't mean we can't make policy about openness etc

or about what govt is allowed to do with data even public data. Or, insurance companies

lizhenry: FYI doing a live transcription...

for example all social network and dating site data that's public could get slurped and analyzed and we all get denied medical insurance

Aggregate information is often very revaealing. e.g. Jonathon Moore

ohhh look your friends are all smokers

so you are more of a health risk

no medical insurance for you

that is the sort of thing that is possible, and it is public data, but, we could make laws about how the data can be used

Searching for private information for people -- e-mail isn't given on dating sites. In the future it might become a lot easier. If it's useful.

Joke: May be useful -- People who dated this person also dated this person...

on okcupid you can do a search on someone's email addy and get their profile

i wonder if we shouldn't be logging this in a separate pibb channel

oh look so and so has dated 5 people in 2 years -- health risk no insurance!

JayDedman: People want anonymity? Answer: When we provide info, we have a model for what that means. e.g. uploading flickr: I'm okay here because people can't search for my face.

posts that he made on Usenet when he made when he was 13 year olds are now searchable -- change name at 21 years old -- or give you a name that's not googlible: John Smith

Recapping SOcial network portiblity -- already went through this w/ enterprise

Someone you know shares info about you to someone like Plaxo -- Enter who YOU met. That info can be tracked later and mined.

What if everything you say at any moment is googible at any time?

RADICAL TRANSPARENCY IS VIRAL

woops

"radical transparency is viral" and we leak information about other people

that is a nice phrase gabew

Radical tranparency is viral -- If you're going to do it, then all of your friends are also going to be de facto a part of it whether they like it or not.

it is nice

Brad Fitz does a hash of your e-mail address to find other friends -- It's then REALLY interesting to do this w/ other people. Could probably have people authenticate your info, but this is PUBLIC info. But someone else can do the same thing, and it's really inefficient to authenticate twice.

fix it danny

Is there a fix for this privacy stuff are we just talking about it. Yes. he does.

tantek and brad "even if they were the pure gods of privacy...." hehehehe

Solution 1: See privacy as same geeks see security

danny declares himself philosopher-god-king...

Treat everything like it should be private data

Different mindset: Anticipate and patch insecurities, then you see your system in a totally new light.

Joke: Step 3 is giving up completely on security

thats not a joke

!

har

IT's complex, and we need a tradeoff -- Anticipate how it'll effect people. Classic PR nightmare: AOL leaking search info and reverse engineer who were doing the searches via egosearching, etc.

Think about usability and other stuff, but we need to think about it referenced for down the road.

But It's a rapidly changing target -- how to design for ti --- Answer: only anticipate it

right if the world knew how often we all egosearched it would be pretty damn funny

WHat if your parents had a record of all of your movements from 0-18 years old

hard to do the "protect the little children from their own parents act of 2008"

Hard to protect children from their parents in a statutory sense.

ahhh just chip them all

chip em all and let google sort em out

this is a fascinating session

thanks to liz & kent

Parents go weird when they're parents -- Joke: Let google sort them out...

tantek talking bout extremely rapid cultural evolution

tra la la

Tantek pushing back: Cultural evolution that's extremely rapid -- can't view it in a rear view mirror

"like trying to drive through the rear view mirror"

kent you are taking better notes than me, thanks

When uploading pix to flickr they didn't think that Date would be coordinating w/ location w/ face recogniation -- retrospectively map yourself and your friends.

i have to go take a phone call dammit

Easy to do -- deduce w/ some probability WHO someone is -- WHo is in your social graph -- who you're are

Tantek: That's the Whole pupose of adding social network chaff -- extra data to divert and flood the system -- You can POLUTE the system by adding random people.

Half Joke: But no one other than Tantek knows to do that. Hate to tell you: You're not my real friend. You're my social network chaff

dB admins are last line of privacy -- and so you need hashes in reverse (er something.)

Tantek: Can't design a negative like that -- but you can w/ no logs or filling dB w/ chaff or using introductin probability chaff, etc.

Joke; Market for fakefriends.com -- It's called friendster

Ross; Wants to sue Jiggsaw for selling social graph

Jiggsaw = B2B world -- You can sell Ross' business card to them to Jiggsaw. Ross wants to sue for libel

But it has to be false -- It's a harmful statement to fixed medium. Jokes...

shrink wrap that biz card with a license agreement hehehehe

Privacy laws that define use of the data -- not going to sell your info

Point out that we're over time...

the discussion can continue; nothing else is scheduled in this room

kent i dnot know who you are in the room

Tantek: Good exploitation of privacy -- Mapping out how lobbiest are corrupting govt. Design for "Privacy Leaky" -- to get more info about Govt. What is better for society? Leaky gets more accountable govt.

Video rental info can't be provided by others -- Congressman's porn habits got discovered and BAM -- it's pretty well protected legislatively now.

Bring into privacy debate sooner. What kind of society do we want? Then we can get better anticipatory legislation.

building anticipatory legislation might be possible. it will happen, and we need to get involved in that debate in order to steer it a little.

most of us are not comfortable with this, but if we dont participate then the legislation wll happen without our input (us the software people and net users/creators)

Need to get into the debate, and we can actually steer where we want this to go.

See the transformation in Google -- new kid on the block -- Oops, determinisitic world about technology -- who cares about privacy.

Now they get smacked down -- by the public or even the govt.

Automatic upload photos to Flickr + Face recognition.... joke...

let's all go to the strip club in darth vader mask and voice disguiser with exploding self destruct business models

business cards

hehehe wino kredyt mieszkaniowy sprzedam mieszkanie sprzedam bilet

Health insurance -- can draw protections for how data is used. W/ large institutions. At the moment you can't use health info to determine your rates. But they can determine who your friends are in the future and possibly tie that into their rates

May not want health insurance folks don't do that...

we were talking about these ideas with health insurance last night

Go see SiCKO -- and health insurance is probably a good ending point for this discussion. People breaking up. That's it.